Many firms are using live customer data to test applications.

Almost half (44 per cent) quizzed in a UK survey admitted they used valid information to run systems through their paces, a practice that leaves them potentially liable under the Data Protection Act (DPA), which prohibits organisations from using data for purposes other than those for which it was collected.

The survey, of 100 IT directors, commissioned by enterprise software firm Compuware, found ignorance about data protection legislation was rife among IT directors. Although the DPA was set up in 1998, 48 per cent of senior IT decision makers admitted to only being "vaguely familiar" with the legislation.

Compuware reckons data privacy issues have grown harder for organisations to manage over recent years with the greater use of outsourcing.

"Unless they [enterprises] have rigorous procedures in place, they run the risk of live data being leaked to third parties. This can have severe repercussions on customer confidence and company reputation, and ultimately affect the bottom line," Compuware worldwide enterprise solutions director Ian Clarke said.

The common sense answer to data protection concerns is to use fictional data. However, desensitising data might invalidate some data input fields so an application is not properly tested. Compuware suggests a better approach is to disguise data by exchanging known values, such as addresses, with dummy data in the same format. ®

Related stories

Calls to help desk = testing, survey finds (24 October 2006)
ICO issues first website enforcement order (6 July 2006)
Protection from prying NSA eyes (17 May 2006)
FTC sues over mobile phone records sale (4 May 2006)
New guidance on data protection and outsourcing (25 April 2006)
Info commissioner issues guidance on database trading (10 April 2006)
Phew! Google saves US netizens from Gov snoops (20 March 2006)
Strict liability for data breaches? (22 February 2006)