Data Protection: Guidelines for the Use of Personal Data in System Testing
Jenny Gordon, Louise Wiseman
BSI Standards
July 2009
Paperback, 48 pages
ISBN: 0580664376
This 2nd edition is timely – there have been a number of high-profile data security breaches over the last few years which, although they do not relate to testing, have shown how vital it is to keep Data Protection at the top of the business agenda. It shows the importance of integrating testing guidelines into an organization's overall 'governance' structure, so it is embedded in day-to-day business practice rather than something that takes special effort when testing needs to be carried out. This makes Data Protection compliance easier to achieve and monitor, and it ties in with the new standard, BS 10012 Specification for the management of personal information in compliance with the Data Protection Act 1998, which has sections on governance, audit etc. Guidance issued by the Information Commissioner's Office (ICO) is referenced on a number of issues (including the reporting/handling of Data Protection breaches), as well as helping companies to see how testing might fit with the Personal Information Management System (PIMS) as it is proposed in the new BS. The authors have included templates that can be used straight off the page, making it easy to apply the guidance in practice. Additionally, there are more template-style examples, such as an example of a testing policy and of a testing approval form. It is also timeless – the basic guidance will remain solid and relevant even as technology and business practice move on.
About the Authors:
Louise Wiseman has 15 years' experience in financial services, specialising in Data Protection since 1999, and is currently the Privacy and Data Protection Manager for Citigroup's UK Consumer division. Jenny Gordon has over 20 years' experience of financial services regulation including specialist knowledge of data protection