Hear from our iSeries experts. Put in your two cents.
Ok. Time for my irregular rant.
With HIPAA and the new privacy laws in effect, how do we still get away with using production data in our test environment? Well, it's just so quick and easy to do a CPYLIB from production to test... right?
So, you want to know what terrible disease someone has? Just look at the test data! Want to know someone's Social Security number and their DOB and their spouse's name. Just look at the test data!
I am not a fan of encrypting data in our on-line production data files. But I am a big fan of at least scrambling personally identifieable information in our test files.
I have seen cases where even bank account numbers and PIN codes are left un-altered in test data files. That along with medical diagnosis, and blood test results sitting unprotected in test data files is unconscionable and possibly even illegal.
So... Dan, What's the Big Deal? My end users see all that data every day in the production files. Yes... and that is THEIR JOB. Our job is to write, maintain and enhance programs and systems, not to snoop into personal information.
Technicians should have NO access to production data, except when handling a firecall, and then ONLY when all their actions are being fully audited using the OS/400 audit functions.
Please write some scripts to generate test data while scrambling sensitive information.
nuf said for now....
Dan Riehl
Posted by at July 6, 2005 2:56 PM
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
We welcome your comments and opinions and encourage lively debate on the issues. However, Penton Media reserves the right to delete or move any content that it may determine, in its sole discretion, violates or may violate its Terms of Use or is otherwise unacceptable. For more information, see Penton Media's Terms of Use.