Originally posted by suityou01
View Post
-
I suspect that you would probably be in the clear as long as you have a paper trail saying that you were told to do this, it is okay to do this, you believe that it is wrong but were overridden, you would be terminated if you didn't do it and so on. CYA...Its a very difficult situation and I would be so very very careful -
So how do I prevent myself from getting spattered? Or do I need to?Leave a comment:
-
I think others have pretty much stated, especially BB, what should be done and I know that when I have had to do something like (very, very rarely as I work at a very high level so it doesn't matter as I can see everything anyway) this we've either anonymised the data or created fake data however it seem that there is no real clear definition of what should be anonymous
In German naturally, the following links should help but it does vary sometimes bewtween each Bündesland:
3 BDSG Kommentar Absatz 6
https://www.bfdi.bund.de/bfdi_forum/forum.php?
Bundesdatenschutzgesetz
https://www.datenschutz.de/feature/detail/?featid=101Leave a comment:
-
They copied the whole database. I don't need the whole database. Even just scrubbing the bits I need is a big task.Leave a comment:
-
If you don't anonymise the data and it comes out in an audit, the end client will get a lot of stick, maybe a fine. They will obviously not be happy. Usually companies like your client are subject to regular audits.
The question is how likely is it that the auditors will look at your piece of work in depth. They usually do spot checks to make sure procedures are being followed.
Personally I would follow procedures or ask the client what would be acceptable.
It does state anonymise the data as soon as possible, so there may be some leeway. Wouldn't do it without the client's approval.
Can't you work with some data and delete the rest that woud be OK. Why all the data?
I would delete anything you can't anonymise. You're just testing.
Another alternative would be to give them some data in two days so they can begin testing and the rest later.Last edited by BlasterBates; 12 April 2015, 10:15.Leave a comment:
-
I would imagine summary dismissal off the premises with the consultancy pinning on the blame on you...
I take it all conversations have been over the phone rather than email...
Why didn't you give the other guy the anonymising work... Clearly he quoted for it....Leave a comment:
-
****ed if I know...
But I'll probably know a bit later
Keep calm and wait
Leave a comment:
-
PM for Darmie
I need to take a copy of live data for data migration testing. We have spoken with data protection and the project sponsor was sent a document which allows this to happen but states all sensitive data must be anonymised as soon as possible after the copy is taken and before the data is used for anything.
The consultancy quoted 2 days for this work, without consulting with me first so are now trying to circumvent this part as it is taking much much longer.
We have no tooling for this so I've written my own and am in the process of configuring it. I'm about 50% of the way through.
The consultancy are now suggesting we run with what we have, a 50% anonymised database. This baffles me as I I think it clearly is just as bad as if I didn't do any anonymisation
So the penalties for misuse of data are 300000 euro fine and I think jail time for the data protection officer
What penalties face me if I follow their instructions and proceed to test with a half scrubbed database?.
There will be end users involved and it will be obvious it's real data so it only takes one snitch.
The kind of personal data includes full name, home address, date of birth, personal telephone number and passport number.
Leave a comment: