Sunday, November 05, 2006

Protecting sensitive data in test environments


James McGovern raised the issue in this post. I don’t think there is such a survey about the situation in Italy, but in my own experience as a consultant I have found only one customer that really cared about this stuff.

To be honest, sometimes the customer doesn’t even worry about the need for a fully equipped test environment, so we have to lower our expectations: we get what we get and we have to be happy with it. So far we have only dealt with banking or insurance customers’ data: I wonder what developers would do if they had the opportunity to manage some more sensitive data (we don’t have fashion agencies or videogame manufacturers as customers, so I’ll never know).

Unfortunately, the law in Italy about sensitive data management is quite ambiguous, stating more or less that you should do everything possible to protect your data, which is …err everything. So I could theoretically be sued because I didn’t use Navajos to translate my Skype conversations or keep my hard disk stored in the depths of a mountain. Which is something I can do, but it simply doesn’t make sense for the type of data I am currently managing. The overall result is that every simple software application that holds some personal data (almost everything, except the MP3 player) could be considered illegal. Spending money on improving security will make you just a little less illegal, so it’s pointless. So many simply don’t care, or wait for the next big scandal to know exactly where the legal limit is.
