Data Protection: Guidelines for the use of personal data in system testing

Louise Wiseman and Jenny Gordon







Reviewed by

Peter Wheatcroft CEng FIET FBCS CITP FCMI


6 out of 10

The companion publication (BIP 0002) to BS10012:2009 Data Protection - Specification for a personal information management system from BSI addresses the risks and controls inherent in the testing of systems, using either live or dummy data.

The booklet articulates a principle that has long been established in the systems development world, namely that the use of live personal data should be avoided if at all possible; if it cannot be avoided, then testing using live data means that the Information Commissioner has to be notified.

Read this and then ask what the policy of your organisation is with respect to systems testing! A small number of salutary case studies concerning poor test management are included in the guidelines and some helpful guidance is also provided about the transfer of data outside the EEA.

However, the guidelines cover a lot of the same ground as a companion book - the Data Protection Pocket Guide (see separate review) - which costs just £30, and it could be argued that there is too great an overlap to justify two publications of this type.

Further Information: BSI

December 2009