Why Read This
Using customer, employee, or other confidential data straight from production for testing or developing applications violates data privacy laws and regulations and makes that data a soft target for attacks. Data privacy is not just a concern for production systems; it extends to nonproduction environments, too, including test, development, quality assurance (QA), staging, and training databases — wherever private data resides. Although many database administrators (DBAs) and security and risk professionals are revisiting security policies for test data, most are still not securing such data. All enterprises dealing with private data in test environments should mask or generate test data to comply with regulations such as Payment Card Industry (PCI), the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and those of the European Union (EU), as well as to protect against internal and external attacks.