GOVIS Test Professionals Meetup Recap | TTC Global

GOVIS Test Professionals Meetup Recap

Data Privacy and Security in Non-Production Data Management

Shane Version2 Cropped2
  • Shane Ross
  • 23 July 2024

GOVIS Test Professionals Meetup: Thursday 11th July – Data Privacy and Security in Test Data Management.

For many organisations, test data management is the Achilles Heel of Data Privacy and Security. Testing often requires the use of production-like data to validate not just functionality, but also that the functionality will work with the data as it exists in the production systems (clean and unclean data). Anecdotally though, many test environments don’t have that same level of data control that production environments have.

On Thursday 11th July, the GOVIS Test Professionals Meetup was honoured to have the presence of Liz MacPherson from the Office of the Privacy Commissioner (OPC), together with Data Domain’s Phil Judd. The focus of the session was the ‘why’ and ‘how' of Data Privacy and Data Security in Test Data Management.

From the Office of the Privacy Commissioner, Liz gave a clear and articulate presentation on the “why” - the dangers of not having a high (production-like) level of data privacy and security with test data. From news articles to legislation, Liz provided clear and compelling evidence of why production-like treatment of test data isn’t just a ‘nice to have’ – an organisation can face compliance and enforcement action if it does not exist and a data privacy breach occurs. This is on top of the obvious reputational damage that inevitably happens as well.

One clear point made by Liz was that ‘as soon as a member of the organisation becomes aware that there is a problem with their data privacy and security – at that point the organisation is liable’. This places a considerable onus on those in the testing profession to ensure that production-like data security and data privacy measures do exist in the testing environment – to safeguard their organisation. With this in mind, Liz referred the meetup to brand new “Poupou Matatapu: Doing Privacy Well” guidance which has just been released on OPC’s website. Learn more by reading Liz's presentation on why testing matters.

Understanding the “why” of handling data well isn’t enough though, it is important to know “how” to properly handle data. So, Data Domain followed Liz’s presentation with the ‘how’ for treatment of production data in the test environment. Phil’s presentation covered the range from Data Governance and the importance of Data Polices for the organisation, through to actual techniques such as Cloning, Synthetic Data, Sub-Setting, and Data Virtualisation. Simple and Advanced Masking approaches were presented, as well as implementation options.

The realisation that as soon as an individual within an agency is aware of a data security or privacy problem, that the organisation is now obligated to act was the key takeaway for me. The role that the Government Test Professional has to play in preventing test data management from becoming an Agency’s Data Privacy and Security achilles heel is a key one – and one that is at the forefront or protecting their organisation and their client data.

A huge thanks to our presenters – Liz MacPherson from the Office of the Privacy Commissioner and Phil Judd from Data Domain. A great GOVIS Test Professionals event and one that is very relevant. A huge thanks too, to the Ministry of Social Development, our host venue for the meetup. And TTC Global – our event sponsor and facilitator.