Compuware warns of testing times for customer privacy

When the Data Protection Act (DPA) was first introduced in 1998, many companies struggled to comply with the privacy measures that it required. Today, although many companies have plugged the obvious gaps in their confidentiality policies, areas like application testing are still being ignored, with live customer data being used to test applications. This would seem to make sense, since properly testing an application requires valid data, but using customer data in this fashion actually contravenes the DPA. The problem is compounded by the growth of outsourcing application development to countries outside of the EU, which may not have such rigorous privacy laws as the UK. Although it may be cheaper to get the testing done in other countries, companies increase the risk of private data being appropriated for illegitimate purposes.

In order to prevent data in testing labs being abused in this fashion, the DPA firmly states that customer data may not be transferred to non-EU countries unless that country has regulations which can provide similar levels of privacy protection to the UK. Currently, only Argentina, Canada, Hungary, Switzerland and Guernsey qualify, although other organisations in countries outside of the EU may be authorised to receive customer data if they can provide adequate safeguards. Not complying with these conditions may lead to prosecution, fraud and irreparable damage to corporate reputation. However, the cost savings are often too good for companies to resist.

"Of course organisations will say that they have stringent measures in place to protect customers' confidential data when offshoring. However, we have seen time and again, if fraudsters are determined, they can overcome even the most stringent of security measures. In addition, even though security measures help organisations manage the risk of giving people offshore access to customer data, they do nothing to address the central issue of it being illegal to use live customer data in application testing," said Salome Kwant, regional technology manager, Compuware Middle East Africa.

"Many organisations overcome this by simply blanking out sensitive customer data when using data for testing purposes. However, this introduces a new quandary: in order to test thoroughly, valid data must be used, but using live data is usually against the law and desensitising data using blanking often fails to test the application comprehensively. This leaves companies with the challenge of how to test thoroughly and cost effectively, without risking their reputation through a breach of the DPA."

One way to deal with this problem is to disguise the data. By exchanging known values, such as addresses, with other known values, customer data can be transformed into a form that is unrecognisable from the original but can still be processed by the systems across the organisation, with important fields, such as postcode, left intact. This process can be done automatically, removing the human risk element entirely.

"This neatly remedies the testing conundrum and also solves the offshoring related problem," Kwant continued. "If companies want to avoid being caught up in a data scandal, they need to ensure that the process of disguising data is automated. That way no rogue employee has the chance to view, and misuse, confidential data that could then be used for dubious purposes. Certainly no bank would want to tell a customer that the reason someone is currently living it up in the Caribbean in their name is because they didn't adequately protect confidential information. Organisations need to sit up and ensure that they are taking responsibility for data that is being used within the testing process regardless of whether this work is being carried out in-house or offshore, otherwise they could find their reputations in tatters."
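An added example, not Compuware's code or product: one way to automate the value-for-value substitution described above, using a keyed hash so the same original always maps to the same replacement across tables while the postcode stays intact. The field names, replacement pools, key and sample record are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed replacement pools: plausible values that belong to no customer.
SURNAMES = ["Archer", "Bennett", "Clarke", "Dawson", "Ellis", "Foster"]
STREETS = ["Mill Lane", "Station Road", "Church Street", "Park Avenue", "High Street"]

# Fields the downstream systems rely on and that are passed through unchanged.
KEEP_INTACT = {"customer_id", "postcode"}

# Constructed key and record. In a real run the key would come from a secret
# store and never travel with the test data set.
KEY = b"constructed-demo-key"
SAMPLE = {"customer_id": "C1001", "surname": "Okafor",
          "address": "14 Example Close", "postcode": "AB1 2CD"}


def _digest(key: bytes, field: str, value: str) -> int:
    """Keyed hash of a normalised value: repeatable, not derivable without the key."""
    msg = f"{field}\x00{value.strip().lower()}".encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big")


def _pick(key: bytes, field: str, value: str, pool: list) -> str:
    return pool[_digest(key, field, value) % len(pool)]


def disguise(record: dict, key: bytes) -> dict:
    """Return a copy of record with every sensitive field substituted."""
    masked = {}
    for field, value in record.items():
        if field in KEEP_INTACT:
            masked[field] = value
        elif field == "surname":
            masked[field] = _pick(key, field, value, SURNAMES)
        elif field == "address":
            number = 1 + _digest(key, "house", value) % 199
            masked[field] = f"{number} {_pick(key, field, value, STREETS)}"
        else:
            # Fail closed: a field with no rule is never copied through in clear.
            raise ValueError(f"no masking rule for field {field!r}")
    return masked


if __name__ == "__main__":
    print(disguise(SAMPLE, KEY))
```

Because an unmapped field raises instead of passing through, a column added to the schema later cannot leak into a test extract unnoticed.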

Compuware Corporation

Compuware Corporation (NASDAQ: CPWR) maximises the value IT brings to the business by helping CIOs more effectively manage the business of IT. Compuware solutions accelerate the development, improve the quality and enhance the performance of critical business systems while enabling CIOs to align and govern the entire IT portfolio, increasing efficiency, cost control and employee productivity throughout the IT organization. Founded in 1973, Compuware serves the world's leading IT organisations, including more than 90 percent of the Fortune 100 companies.

Compuware is a registered trademark of Compuware Corporation. All other product and company names are trademarks or registered trademarks of their respective owners. The Magic Quadrant is copyrighted March 8, 2005 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.