Posts Tagged ‘data masking’

Data Security: OECD Publishes New Privacy Guidelines for Accessing Data From Publicly Funded Research Projects

Sunday, May 6th, 2007

On May 3 the Organization for Economic and Cooperation and Development (OECD) released a new 24-page guideline,”Principles and Guidelines for Access to Research Data from Public Funding” for organizations in governments throughout the world regarding access to data from publicly funded research projects.

(more…)

Data Security: OECD Publishes New Privacy Guidelines for Accessing Data From Publicly Funded Research Projects

Sunday, May 6th, 2007

On May 3 the Organization for Economic and Cooperation and Development (OECD) released a new 24-page guideline,”Principles and Guidelines for Access to Research Data from Public Funding” for organizations in governments throughout the world regarding access to data from publicly funded research projects.

(more…)

Data De-identification and Masking Methods

Monday, July 31st, 2006

There is increasing concern about the use of real/actual personally identifiable information (PII) for test and development purposes.  I’m also increasingly concerned about the use of PII by sales representatives who are showing demos to potential clients.  I was recently surprised to see a vendor showing me a demo of his security software using the actual production data of his clients, which included a vast amount of PII about his clients‚Äô customers, such as names, social security numbers and credit card numbers.  He had accumulated this information while doing work for the clients with the software.  Needless to say, his demo turned into a long discussion about the risks involved with this practice.  Such a practice is an incident and lawsuit waiting to happen.  Unfortunately the sales staff at many companies use production data for demo purposes.  And it’s not just software vendors.  Insurance representatives often show their potential clients demos using PII, as do financial organizations, and healthcare companies, plus potentially other industries.  Do you know if your sales staff is using your production data?

I just posted a new podcast, "Data De-identification and Masking Methods," a follow-up to my last podcast, ‚ÄúWhat IT Leaders Need to Know About Using Production Data for Testing.‚Äù I discuss some of the ways in which data can be de-identified, or masked, to use for not only test purposes, but also for demo and other purposes. There are many ways to de-identify and mask data.  Some are better than others.  It all depends upon the type of data you‚Äôre working with, and the associated application or system.  I briefly describe seven ways in which data can be masked and de-identified, in addition to an alternative in the slim chance that there is absolutely no way in which anything other than production data can be used for testing. The ultimate goal is to protect the privacy and confidentiality of PII while also making meaningful data available for purposes of testing, demos or analysis.



MP3: Rebecca Herold – Data De-identification and Masking Methods