ConTEST NYC 2019 has ended
Discover emergent trends and practices in software testing and quality engineering!
Back To Schedule
Thursday, November 21 • 09:15 - 10:00
Derive Good Test Data from Production Data without Breaking Privacy Laws

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Good test data is the very foundation of good testing. But good test data is hard to get. If you create it manually or build a script or program to generate test data, the test data will probably reflect your understanding of- and expectations to the production data rather than the actual properties of the production data. For that reason, it is unfortunately not uncommon to use production data or data trivially derived from production data for testing.

Using production data for testing has problems of its own. GDPR (the new EU privacy lay) applies to such data. It obviously applies when using production data directly. But surprising to many, GDPR also applies in almost all situations when test data is based on scrambled or anonymized production data.

Overall content of the talk:
* The importance of good, representative and secure test data and the importance of fast, cheap and low-friction access to the test data.
* Metrics for test data (how to measure test data quality).
* Which are the compliance and security challenges (GDPR, Segregation of Duties, data loss prevention, corporate policies, etc.).
* A helicopter view of the most relevant articles of GDPR.
* A helicopter view of the techniques that can be used to protect data, such as anonymization, pseudonymization, synthetic data, tokenization, and format-preserving encryption.
* Strategies for generating test data while respecting privacy and security.
* How to ensure GDPR compliance.
* What to do next and where to start.

Martin will also make sure to address some of the most prominent and serious misconceptions, such as that many believe that data can easily be anonymized (and thus get out of GDPR scope) and that hash function can ensure privacy. Without good test data, your test is not representative to the real-life production situation.

avatar for Martin Boesgaard

Martin Boesgaard

CEO & Founder, PII Guard
Martin has a passion for information security and privacy. He has led and managed the development and implementation of several large security-related projects. On top of that, he is expert in cryptography, information security and privacy after having worked in the area for 20 y... Read More →

Thursday November 21, 2019 09:15 - 10:00 EST
AMA Conference Center New York City, Room 603 1601 Broadway, New York, NY 10019, USA
  • surveys y