Day: November 21, 2016

Why should we use dummy data instead of live data?


Dummy data is benign information that does not contain any useful data, but serves to reserve space where real data is nominally present. It can be used as a placeholder for both testing and operational purposes.

Dummy data must be rigorously evaluated and documented to ensure that it does not cause unintended effects.

There are obvious pros and cons when using dummy data for testing.

Pros:

  • Easy to create a dummy set of data for testing as and when needed.
  • There is no need to obfuscate live data.
  • Testers can create the data they need without depending upon other teams.
  • A smaller data set can be created to test against where the testers know exactly what data exists (controlled sample).

Cons:

  • Dummy data cannot fully replicate every single type of data that exists in production, thus defects could be missed.
  • Using a smaller data set means that load test results may not reflect the size of production data (web page/web service response times).
  • Processing times on a smaller dataset will not accurately reflect what will happen in production (e.g. on an Oracle Financials database).

Most organizations are still using live data in test and development environments because of a lack of awareness around data security: they don’t know that they can easily mask or de-identify sensitive data using off-the-shelf technologies without changing applications or testing processes.

Even when the awareness is there, organizations still tend to rely on real data for its speed and ease of use.

Using live, cloned data is generally regarded as a shortcut when there isn’t enough time or resources to create test data, or a secure test data strategy isn’t in place.

But these are not excuses for a practice that can put customer data in great jeopardy. It is true that in general these test systems are not Internet-accessible, but even if you have absolute trust in all your employees — never a good starting point — that doesn’t remove the risk, as many organizations will outsource parts of development and hire contractors, consultants, and the like.  And if the media has taught us anything over the last decade about carelessness, it’s that people often store this type of data on laptops and removable media devices, and those assets can get lost or stolen.

Beyond the insider threat, there’s also the very real possibility that malicious external hackers can eventually work their way deep enough into the network after a blended attack and get their hands on test applications and live data.

The biggest change in recent years is the legislation requiring live data to be obfuscated on pre-live environments.  The challenge is to replicate live issues on non-live environments, and to test on live-like data prior to releasing code to production. Failure to do so can lead to defects being uncovered in production, just due to a deficiency in the actual data or the volume of the data used on a test environment.

It’s a challenge but one that cannot be ignored. Either you use hand-crafted dummy data, or obfuscated live data – either way, you cannot just take live data and test it unchanged!
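The following is an added example, not part of the original post, showing one way to obfuscate live data while keeping it live-like: a keyed, deterministic mask that preserves each value's length and format, so the same account number still matches across tables. The key, field names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import string

# Constructed key for this example. A real key stays with the masking job
# and is never copied into the test environment alongside the masked data.
MASKING_KEY = b"constructed-example-key"

def keystream(key, field, value, n):
    """n bytes derived from HMAC-SHA256 over the field name and the live value."""
    out, counter = b"", 0
    while len(out) < n:
        msg = f"{field}\x00{value}\x00{counter}".encode()
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:n]

def mask_value(key, field, value):
    """Digits become digits, letters become letters; length and punctuation stay."""
    masked = []
    for ch, b in zip(value, keystream(key, field, value, len(value))):
        if ch.isdigit():
            masked.append(string.digits[b % 10])
        elif ch.isalpha():
            letters = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            masked.append(letters[b % 26])
        else:
            masked.append(ch)  # separators such as '@', '.', '-' keep the format valid
    return "".join(masked)

def mask_rows(rows, sensitive_fields, key=MASKING_KEY):
    """Return copies of rows with only the named fields masked."""
    return [{k: mask_value(key, k, v) if k in sensitive_fields else v
             for k, v in row.items()} for row in rows]

# Constructed sample rows standing in for two production tables.
CUSTOMERS = [{"account_no": "4417-2093", "name": "Alice Example",
              "email": "alice@example.com", "tier": "gold"}]
PAYMENTS = [{"account_no": "4417-2093", "amount": "120.50"},
            {"account_no": "8850-1176", "amount": "19.99"}]
SENSITIVE = {"account_no", "name", "email"}

if __name__ == "__main__":
    for row in mask_rows(CUSTOMERS, SENSITIVE) + mask_rows(PAYMENTS, SENSITIVE):
        print(row)
```

Because the mask is deterministic, anyone holding the key can test guesses against low-entropy fields, so the key must be protected as carefully as the live data itself.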

 

Under what circumstances will you hold your TFN


Tax file numbers are unique numbers issued by the Australian Taxation Office (ATO) to identify individuals, corporations and others who lodge income tax returns with the ATO.

Once you get a tax file number (TFN), you need to keep it safe. Your TFN is how we identify you for tax and super. It’s yours for life, so don’t let anyone else use it – not even friends or family.

If someone else uses your TFN, it can cause serious problems because they could use your name illegally and you could be convicted of a crime.

Your TFN information must only be used or disclosed by TFN recipients for:

  • a purpose authorised by taxation law, personal assistance law or superannuation law
  • the purpose of giving you TFN information that they hold about you.

You will use your TFN when you:

  • lodge a tax return
  • apply for income assistance or support payments, such as pensions or benefits from DHS (which administers the Centrelink, Child Support and Medicare Programs) or DVA
  • start a new job or change jobs
  • have savings accounts or investments that earn income (e.g. interest or dividends)
  • receive a payment under the Higher Education Loan Program
  • join a superannuation fund.

TFNs may not be used by a financial institution to confirm your identity. You must make sure you keep your TFN information in a safe place. You should properly destroy any TFN information that you no longer need. This will help prevent other people stealing your identity. You should report a lost or stolen TFN, or unauthorised access of your TFN information, to the ATO.

The Privacy (Tax File Number) Rule 2015 (TFN Rule) outlines how your TFN information should be collected, stored, used, disclosed and kept safe. All people, agencies, organisations and other entities that are allowed to ask for your TFN information must follow the TFN Rule.

The people, agencies, organisations and other entities that are allowed to ask for your TFN information must not record, collect, use or pass on your TFN unless this is permitted under taxation, personal assistance or superannuation law.

There is no law in Australia that says you must give an authorised person, agency, organisation or other entity your TFN if they ask for it. However, sometimes there may be financial consequences if you don’t give your TFN to someone who is allowed by law to ask you for it.

Examples

  • If you are claiming or receiving a personal assistance payment from DHS (such as a pension, benefit or allowance) they may ask for your TFN to check your information with the ATO and other agencies that make payments.
  • If you do not give DHS your TFN, certain personal assistance payments may not be paid to you. Providing your TFN is a condition of receiving most Australian Government personal assistance payments.
  • If you don’t give your employer, bank, other financial institution or superannuation fund your TFN, it may affect how much tax you pay and could result in tax being deducted from your income or your interest payments at the highest marginal rate.
  • Your superannuation fund may ask for your TFN to facilitate the location and combination of your superannuation accounts. If you decide not to quote your TFN, the fund may not be able to find any additional accounts that you may have.

When an authorised person, agency, organisation or other entity asks you for your TFN, they must tell you:

  • why they are collecting it (including the name of the law or laws that allow them to collect your TFN and the purpose for which they are collecting it)
  • that it is not an offence if you do not give them your TFN
  • what will happen if you do not give them your TFN.

This information must be included in any forms that ask you for your TFN. The description of the purposes for collection can be reasonably general as long as it adequately informs you of what the law authorises the person, agency, organisation or other entity to do with your TFN.

If you consider someone has not handled your TFN information properly, you can make a complaint to the OAIC. Before you can make a complaint to the OAIC, you must first make your complaint to the person, agency, organisation or other entity you consider has mishandled your TFN information.