Challenges
You need to test with, or help others test with, realistic data. But the actual elements of production data are sensitive, subject to data privacy laws, or otherwise classified. The data may not even exist yet.
You are concerned about public confidence in your company's data privacy policies. And you need to comply with existing and future data privacy laws, especially if you rely on external solution providers. According to at least one lawmaker, the growing outsourcing trend threatens to undermine medical and financial privacy protections that consumers and legislators have fought hard to achieve:
"Privacy issues until now have mostly been in the U.S., but I think people are not aware of how much of their information is going outside the United States. I can't monitor medical information after it is sent overseas, but I can do something about it in the state."
- California state senator Liz Figueroa
In fact, those to whom you've outsourced development may need to perform regulatory compliance testing of your application or their systems and they will need the right test data to do it!
In addition to sensitive medical data, information shipped to foreign workers can include bank account numbers, Social Security numbers, stock holdings and credit card numbers -- all valuable information to identity thieves.
Solutions are needed to obfuscate (mask) this data -- or simulate it through realistic synthetic test data -- so that exposure of personally identifiable information (PII) is impossible.
Solutions
IRI software will address the issue of test data privacy compliance for structured, semi-structured, and unstructured sources of data on-premise or in the cloud, to:
- synthesize and load safe, realistic test data into databases, files, and reports
and/or
- find and mask sensitive data in production or test databases, and files in many formats
IRI RowGen test data generation software allows you or third-parties to create intelligent, referentially correct test data in the same formats used in production, without having to access or mask production data. The same is true of flat-file and report formats needed for development; RowGen will populate any sequential file or structured report with realistic test data without masking.
IRI FieldShield data masking software applies auditable, field-level encryption, de-identification, pseudonymization and other data-centric security functions to PII in RDBs or structured files at rest or in motion. IRI DarkShield can work with RowGen to replace values in semi-structured, and unstructured files, databases, documents, and images for test data compliance as well.
The IRI Voracity data management platform or the IRI CoSort data manipulation package -- and their SortCL program in particular -- support the functions of both RowGen and FieldShield. SortCL also transforms, migrates, replicates, reports, and speeds bulk database loads. SortCL marries data processing and protection to minimize performance bottlenecks and risks at the same time.
Simulate and share production-quality data outside your firewall without exposing PII. Comply with GLBA, HIPAA HITECH, PCI DSS, PIPEDA, the GDPR, DPDP Act, and other data privacy protection laws.
