Independent research commissioned by Compuware has found that 44% of senior IT decision makers are using live customer data to test applications, putting them at risk of prosecution under the Data Protection Act (DPA). The DPA strictly forbids companies from using actual data for any purposes other than those for which it was collected.
Despite numerous high-profile fraud, spam and cybercrime cases, companies are still not ensuring that their data protection processes are as stringent as possible. Although the DPA was set up in 1998, 48% of senior IT decision makers admitted to only being “vaguely familiar” with the Act itself, which makes it unsurprising that just under half of the respondents are running the risk of prosecution by using live customer data when testing applications.
The research highlights the importance of keeping track of how and why IT departments use customer data. This problem has grown in recent years with many companies outsourcing their workload to external parties. 83% of those surveyed admitted to only using non-disclosure agreements (NDAs) to control and secure data usage when outsourcing application testing.
Although an NDA is a legally binding document, many companies find it difficult to communicate the complex legal terms to their employees. Furthermore, there have been a few high-profile cases recently where workers in outsourcing companies have been offered relatively large amounts of money for confidential information. In the future, employees may find it hard to resist such offers despite having signed an NDA.
One way to deal with this problem is to disguise the data. By exchanging known values, such as addresses, with other known values, customer data can be transformed so that it is unrecognisable from the original but can still be processed by the systems across the organisation, with important fields, such as postcode, left intact. This process can be done automatically, removing the human risk element entirely.
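The substitution described above, as an added example that is not taken from Compuware or the research: each sensitive field is swapped for a value from a pool of stand-in values, while the postcode passes through untouched. The field names, pools, key and sample rows are constructed assumptions, and choosing the replacement with a keyed hash is one way (assumed here) to make the swap automatic and repeatable across systems.

```python
import hashlib
import hmac

# Constructed replacement pools: "known values" that stand in for real ones.
NAMES = ["Alex Carter", "Sam Patel", "Jo Davies", "Chris Morgan", "Pat Hughes"]
STREETS = ["1 Test Road", "22 Sample Lane", "7 Example Close", "15 Demo Street"]

# Fields swapped for pool values; everything else (e.g. postcode) passes through.
MASKED_FIELDS = {"name": NAMES, "address": STREETS}


def pick(key: bytes, field: str, value: str, pool: list) -> str:
    """Choose a replacement deterministically from a keyed hash of the value."""
    # Normalise case and spacing so variants of one value map to one replacement.
    normalised = " ".join(value.lower().split())
    digest = hmac.new(key, f"{field}:{normalised}".encode(), hashlib.sha256).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def mask_record(record: dict, key: bytes) -> dict:
    """Return a copy of record with the sensitive fields substituted."""
    return {
        f: pick(key, f, v, MASKED_FIELDS[f]) if f in MASKED_FIELDS else v
        for f, v in record.items()
    }


if __name__ == "__main__":
    # Assumption: the key stays with the data owner and is never given to testers.
    key = b"constructed-demo-key"
    # Constructed sample rows, not real customer data.
    rows = [
        {"id": 1, "name": "Jane Smith", "address": "10 High Street", "postcode": "AB1 2CD"},
        {"id": 2, "name": "jane  smith", "address": "4 Mill Lane", "postcode": "EF3 4GH"},
    ]
    for row in rows:
        print(mask_record(row, key))
```

With pools this small, different customers will often share a replacement; a real test data set would draw from much larger pools.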