Louise Wiseman and Jenny Gordon
In an area where few documented processes exist, this book provides guidelines to the use of live personal data in system testing, in compliance with the Data Protection Act 1998 (DPA).
A number of recent high-profile data security breaches (although they do not relate to live testing) have shown how vital it is to keep data protection high on the business agenda.
Organizations have a legal obligation to respect individuals' right to confidentiality and to ensure the security of their personal data. This guide shows that compliance need not be overly complex or expensive.
By effective use of risk assessment techniques, an organization can take a realistic view of the dangers while ensuring that it complies with the law. The revised edition references the new BS 10012.
It shows the importance of integrating testing guidelines into an organization’s overall ‘governance’ structure, so testing is embedded in day-to-day business practice rather than something that takes special effort when testing needs to be carried out. This makes data protection compliance easier to achieve and monitor. It also ties in with the new standard, BS 10012:2009 Data protection. Specification for a personal information management system, which has sections on governance and audit.
The book references guidance issued by the Information Commissioner's Office (ICO) on a number of issues (including the reporting and handling of data protection breaches), and helps companies to see how testing might fit with the Personal Information Management System (PIMS) described in BS 10012.
The authors have included templates to make it easy to apply the guidance in practice.
Additional template-style examples are also included, such as a sample testing policy and a testing approval form.
It is also timeless – the basic guidance will remain solid and relevant even as technology and business practice move on.