Wednesday, November 08, 2006
Executive Jailtime: Using Production Data for Test Purposes
Test and development teams need to work with databases that are structurally correct functional copies of the live environments. However, they often do not necessarily need to be able to view real confidential personal information. For test and development purposes, as long as the data looks real, the actual record content is usually irrelevant.
De-identifying data is considered a leading practice, and is also legislated in regulations such as HIPAA. Basically, when data is de-identified it covers, removes or alters real or production data so that the data elements cannot be linked to a specific individual. Data that has been de-identified is generally considered acceptable to use in the test environment.
You would think that analysts who are usually all over compliance would not just focus on Sarbanes Oxley and Identity Management and would cover something more practical. I wonder if I could get James Governor of Redmonk to start blogging on this problem space. I will recommend some vendors with solutions in this space contact him...