We’ve all heard stories about data breach incidents, but what needs higher awareness are security processes that provide protection and regulation compliance. Test Data Privacy is one of them.
By definition a data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.
There are a number of reasons why implementing a Test Data Privacy solution is important. First and foremost, companies must be in compliance with various government regulations that relate to the non-disclosure of personal data. Government regulations, like HIPAA, are quite clear about severe financial penalties for each data breach, with fines compounding for each day the breach is outstanding, for each incident. For HIPAA, each individual exposed is a separate incident. That can add up very quickly.
The Controller of the Currency — one of the many government organizations that regulate banks — requires banks to protect the test data that reflects production data. An officer of one bank said, “We have 6,000 programmers on 5 continents that have access to our test data. A Non-Disclosure Agreement isn’t going to cut it.”
The data breach can be deliberate. People, such as hackers, disgruntled employees, criminals or foreign governments can intentionally access private data. A few examples of such breaches occurred in 2015 at CareFirst Blue Cross Blue Shield (hackers), Multi-Bank Cyberheist (cybercriminal ring), the Office of Personnel Management (foreign government), and the Army National Guard (poor security practices).
It can be inadvertent. There have been incidents where an outside company lost a container of tapes on the way to a secure storage facility. Obsolete computers have been sold without deleting the data on the hard drive.
Granted these were direct breaches of production data, which are usually protected more than test data. However it happens, once the data gets out, it can be a dire situation for companies and customers. Companies work hard to build their reputation and earn their customers’ confidence.
Another financial hit comes in determining how a breach has occurred. A health insurance company spent over a million dollars to find how a subscriber’s health data made it onto the web. It turned out to be a third party of a third party that was testing production data, and everyone assumed that the data had been previously disguised.
The bottom line is that by implementing a Test Data Privacy solution, companies can reduce their exposure to financial disasters, whether in the form of fines and penalties for violating government regulations, or lost customers due to damage to the company’s reputation should they suffer a data breach.