Thursday 11th July 2024, Ministry of Social Development, 55 The Terrace, Wellington
For many organisations, test data management is the Achillies Heel of Data Privacy and Security. Testing often requires the use of production-like data to validate not just functionality, but also that the functionality will work with the data as it exists in the production systems (clean and unclean data). Anecdotally though, many test environments don’t have that same level of data control that production environments have.
On Thursday 11th July, the GOVIS Test Professionals Meetup were honoured to have the presence of Liz MacPherson from the Office of the Privacy Commissioner (OPC), together with Data Domain’s Phil Judd. The focus of the session was the ‘why’ and ‘how of Data Privacy and Data Security in Test Data Management.
From the Office of the Privacy Commissioner, Liz gave a clear and articulate presentation (link to the attached PDF) on the “why” - the dangers of not having a high level (production-like) level of data privacy and security with test data. From news articles to legislation, Liz provided clear and compelling evidence of why production-like treatment of test data isn’t just a ‘nice to have’ – an organisation can face compliance and enforcement action if it does not exist, and a data privacy breach occurs. This is on top of the obvious reputational damage that inevitably happens as well. One clear point made by Liz was that ‘as soon as a member of the organisation becomes aware that there is a problem with their data privacy and security – at that point the organisation is liable’. This places a considerable onus on those in the testing profession to ensure that production-like data security and data privacy measures do exist in the testing environment – to safeguard their organisation. With this in mind, Liz referred the meetup to brand new “Poupou Matatapu: Doing Privacy Well” guidance which has just been released on OPC’s website.
Understanding the “why” of handling data well isn’t enough though, it is important to know “how” to properly handle data. So, Data Domain followed Liz’s presentation with the ‘how’ for treatment of production data in the test environment. Phil’s presentation (Link to presentation PDF) covered the range from Data Governance and the importance of Data Polices for the organisation, through to actual techniques such as Cloning, Synthetic Data, Sub-Setting and Data Virtualisation. Simple and Advanced Masking approaches were presented, as well as implementation options.
The realisation that as soon as an individual within an agency is aware of a data security or privacy problem, that the organisation is now obligated to act was the key takeaway for me. The role that the Government Test Professional has to play in preventing test data management from becoming an Agency’s Data Privacy and Security Achilles heel is a key one – and one that is at the forefront or protecting their organisation and their client data.
A huge thanks to our presenters – Liz MacPherson from the Office of the Privacy Commissioner and Phil Judd from Data Domain. A great GOVIS Test Professionals event and one that is very relevant. A huge thanks too, to the Ministry of Social Development, our host venue for the meetup. And TTC – our event sponsor and facilitator.