Hello all, It is illegal to use confidential customer data for purposes other than for which it was gathered! Therefore if you are testing with customer data, you are almost certainly breaking the law. Apparently, around 42% of companies are in breach of this law. Rigourous testing demands good test data, so I am of the opinion you need scrambled customer data. Would anyone care to suggest the best method or even donate function or C/AL algorithm for this purpose? Ta, Jon
I never heard of any NSC ‘arrested’ or fined for this offense … [:O]
Hi, Maybe not, its part of the data protection act in the UK. Apart from the legal implications… “…companies that indulge in this practice are not only compromising their customers’ rights and opening themselves up to prosecution and hefty fines, they’re also at risk of damaging their corporate reputations if test documents such as invoices find their way out to real customers…” Jon
quote:
“…companies that indulge in this practice are not only compromising their customers’ rights and opening themselves up to prosecution and hefty fines, they’re also at risk of damaging their corporate reputations if test documents such as invoices find their way out to real customers…”
As I read this phrase, it is not us (the NSC’s) who break the law, it is our customers, in letting us use this data. We didn’t collect the data for other purpose than to perform our test. Besides, what is the definition on “confidential data”? Names, adresses, etc. are public data, in my opinion. regards Alexander
This happened to a friend of mine working for a company that manufactured and sold guns… A long time ago I was asked to give Navision a copy of a customer data to test the internal structures. Before I sent the database out I wrote reports to blank all fields that could have been used to identify the customers, vendors, employees etc. Do you think this breaks the law?
No, I think you did the right thing, becuase as an employee of the company gathering the info, you are definitely bound by the DPA. However I am curious about the postion of solution centres. For example a solution center will hold a copy of the Navsion Customer’s database for ease of support/testing. But is it just the Navision database owner that has (as Alexander said), as in your case an obligation to their customers. I wondered if that obligation extends to the solution centre if they are in possession of a database to scramble the data, or if the onus is entriely on that of the Navision database owner. I suspect that the solution centre should scramble data when they receive the database, or refuse to hold copies of live databases completely, otherwise you would be assisting your customer to break the law. Maybe MBS Navision could provide a tool as a part of the Developers Toolkit for this purpose… REALITY…(loooong distance)…ME Would be good though! There isn’t a huge list of tables & columsn to scramble, I just wondered if anyone had done anything with data transformation in C/AL. Yours Upstanding member of communityly.
You could do a loop between tables, records and fields with the recordref and fieldref variable and randomize each character you pass … But you will always have to keep tablerelations intact. And even then, random is not actually random. Maybe a smart guy can get the original data back … Don’t think such can excist with Navision.
That’s why you have a contract with your NSC! Besides; If you do not trust your NSC with your data, why would you trust it with your posting function [;)]
We have contracts with our customer about databases (about securing the data etc.) I think, that all can be done through some contract with customer…
We have an important banking client who insisted that we write a program to scramble data. They went so far as to make use rename the code fields in several tables including the country table!! You can imagine why we didn’t want to do this as the process takes several hours to run. If we do see their data we’ve all signed agreements not to disclose info. The code we wrote is none standard and you wouldnt be able to use it. One suggestion might be to loop through the Fields table and use recordref and fieldref per table and change the characters in all text fields to #. Crude but it wouldn’t take and long. Alex
First of all. I believe regulation on this area will probably vary from country to country. Secondly in principal it is not the physical location of data, but the use of it, that is in question. I believe that the customer can grant the NSC permission to use his data for specific testing tasks. If he trusts his NSC, he can just give the NSC a copy of the entire database, if not he should consider only handing out the subset absolutely needed for the specific testing task. Before doing any of this, the customer should consider any legal implications of using the data in the way he is considering granting permission to. That is for instanse if any of the data is protected by law or other regulations against that specific use. Data may be either sensitive, secret or otherwise protected.