IMO, an application programmer trying to solve a production problem qualifies under the 'need to know' principle when it comes to production data. Read only, of course. :-)
On Thu, Aug 6, 2009 at 12:10 PM, Frank Swarbrick<[email protected]> wrote:
> On 8/5/2009 at 7:46 PM, in message <[email protected]>, Rick Fochtman
> <[email protected]> wrote:
>> -----------------------------------<snip>-------------------------------
>>
>>>> In these days of HIPAA, Sarbanes-Oxley (in the US), PIPEDA (in Canada)
>>>> and various other privacy acts, do you want applications people able
>>>> to read production data? On the other hand how do you re-create
>>>> production problems in test when the obfuscation may also eliminate
>>>> the problem?
>>>
>>> There's the rub. I know there are many vendors out there who will be glad to
>>> help you "scrub" production data for use in testing, but they all sound like
>>> a royal pain in the *!&@# if you ask me. Until I am absolutely told I cannot
>>> use (copies of) production data in test I will continue to do so. Once I am
>>> told that I will say "sure, tell me how I can do my job without it and I'll
>>> consider it".
>>>
>>> Very sore spot with me.
>>>
>>> Frank
>>
>> ------------------------------<unsnip>----------------------------------
>> You might consider this: "age" your data.
>>
>> We allowed testing with production data that was at least 3 weeks old.
>> In our business, after 2 days, the data was useless, even to a malicious
>> attacker, so we let it age three weeks, then allowed app. staff to use
>> it for test purposes.
>
> Interesting, but doesn't much help solve a production problem that happened
> at 2am today.
>
> Plus the account numbers, personal identifiers (Tax ID et al), etc. most
> likely won't have changed in three weeks...
>
> Frank
>
> --
> Frank Swarbrick
> Applications Architect - Mainframe Applications Development
> FirstBank Data Corporation
> Lakewood, CO USA
> P: 303-235-1403
> F: 303-235-2075

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

