
PM for Darmie


    PM for Darmie

    I need to take a copy of live data for data migration testing. We have spoken with data protection and the project sponsor was sent a document which allows this to happen but states all sensitive data must be anonymised as soon as possible after the copy is taken and before the data is used for anything.

    The consultancy quoted 2 days for this work, without consulting with me first, so are now trying to circumvent this part as it is taking much, much longer.

    We have no tooling for this so I've written my own and am in the process of configuring it. I'm about 50% of the way through.

    The consultancy are now suggesting we run with what we have, a 50% anonymised database. This baffles me as I think it clearly is just as bad as if I didn't do any anonymisation.

    So the penalties for misuse of data are a 300000 euro fine and, I think, jail time for the data protection officer.

    What penalties face me if I follow their instructions and proceed to test with a half scrubbed database?

    There will be end users involved and it will be obvious it's real data so it only takes one snitch.

    The kind of personal data includes full name, home address, date of birth, personal telephone number and passport number.
    Knock first as I might be balancing my chakras.

    #2
    ****ed if I know...





    But I'll probably know a bit later. Keep calm and wait.
    Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.



      #3
      Ok hurry before Stek puts his oar in
      Knock first as I might be balancing my chakras.



        #4
        I would imagine summary dismissal off the premises with the consultancy pinning the blame on you...

        I take it all conversations have been over the phone rather than email...

        Why didn't you give the other guy the anonymising work... Clearly he quoted for it....
        merely at clientco for the entertainment



          #5
          If you don't anonymise the data and it comes out in an audit, the end client will get a lot of stick, maybe a fine. They will obviously not be happy. Usually companies like your client are subject to regular audits.

          The question is how likely is it that the auditors will look at your piece of work in depth. They usually do spot checks to make sure procedures are being followed.

          Personally I would follow procedures or ask the client what would be acceptable.

          It does state anonymise the data as soon as possible, so there may be some leeway. Wouldn't do it without the client's approval.

          Can't you work with some data and delete the rest that would be OK. Why all the data?

          I would delete anything you can't anonymise. You're just testing.

          Another alternative would be to give them some data in two days so they can begin testing and the rest later.
          Last edited by BlasterBates; 12 April 2015, 10:15.
          I'm alright Jack



            #6
            Originally posted by eek
            I would imagine summary dismissal off the premises with the consultancy pinning the blame on you...

            I take it all conversations have been over the phone rather than email...

            Why didn't you give the other guy the anonymising work... Clearly he quoted for it....
            Sit down. Take a deep breath. Calm? Ok then.

            I have a full email chain that covers my arse perfectly, including one from me to the PM that this is a legal requirement.
            Knock first as I might be balancing my chakras.



              #7
              They copied the whole database. I don't need the whole database. Even just scrubbing the bits I need is a big task.
              Knock first as I might be balancing my chakras.



                #8
                I think others have pretty much stated, especially BB, what should be done and I know that when I have had to do something like this (very, very rarely as I work at a very high level so it doesn't matter as I can see everything anyway) we've either anonymised the data or created fake data. However, it seems that there is no real clear definition of what should be anonymous.

                In German naturally, the following links should help but it does vary sometimes between each Bundesland:

                3 BDSG Kommentar Absatz 6
                https://www.bfdi.bund.de/bfdi_forum/forum.php?
                Bundesdatenschutzgesetz
                https://www.datenschutz.de/feature/detail/?featid=101
                Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.



                  #9
                  So how do I prevent myself from getting spattered? Or do I need to?
                  Knock first as I might be balancing my chakras.



                    #10
                    How your IT department is breaking data protection laws
                    Knock first as I might be balancing my chakras.
