Recently the UK Government have reiterated their views on introducing custodial sentences for people and companies who breach data protection laws and do not protect personally identifiable information (PII). Justice Secretary, Chris Grayling has the ability to introduce new regulations which allow a custodial sentence to be issued for not complying with section 55 of the Data Protection Act.
Section 55 of the Data Protection Act states that it is against the law to “knowingly or recklessly without the consent of the data controller obtain or disclose personal data or the information contained in personal data…”
The regulation states how individuals must not, “…procure the disclosure to another person of the information contained in personal data.” This directly relates to the testing and development environments. Many companies’ still use full copies of live data in testing, a practice which is not only unlawful, but is also inefficient, offers poor coverage, and is costly in terms of storage. However, this still remains a common practice for many companies.
If a case for not complying with the Data Protection Act (DPA) by protecting PII is heard at a magistrate’s court then the fine is a maximum of £500k, however, if heard in a crown court the fine will be unlimited. Fines for the practice of using live data in testing regularly exceed an overall fine of 1 million pounds, this is before counting cost of commercial and brand damage. With the substantial fines, and the threat of introducing a custodial sentences under the Data Protection Act, it is more important than ever to ensure that protecting personal data in a testing environment is as high a priority as it is in production.
Grid-Tools have innovative products to help you be compliant with industry regulations and mask PII. There are tools available to subset and mask your data in a way in which it remains referentially intact, compliant, and does not impact your storage space.
Grid-Tools also offer a full test data management suite, Datamaker™, which has the ability to create data from scratch. The synthetically created data has maximum coverage, is right for the tests, richer, and importantly it is secure and will help you to avoid a data breach.
Click here to read the news article on how Chris Grayling is considering introducing custodial sentences, in an effort to ensure that personal data is protected.