
Data De-identification and Masking Methods

There is increasing concern about the use of real/actual personally identifiable information (PII) for test and development purposes. I'm also increasingly concerned about the use of PII by sales representatives who are showing demos to potential clients. I was recently surprised to see a vendor showing me a demo of his security software using the actual production data of his clients, which included a vast amount of PII about his clients' customers, such as names, social security numbers and credit card numbers. He had accumulated this information while doing work for the clients with the software. Needless to say, his demo turned into a long discussion about the risks involved with this practice. Such a practice is an incident and lawsuit waiting to happen. Unfortunately, the sales staff at many companies use production data for demo purposes. And it's not just software vendors. Insurance representatives often show their potential clients demos using PII, as do financial organizations, healthcare companies, and potentially other industries. Do you know if your sales staff is using your production data?

I just posted a new podcast, "Data De-identification and Masking Methods," a follow-up to my last podcast, "What IT Leaders Need to Know About Using Production Data for Testing." I discuss some of the ways in which data can be de-identified, or masked, for use not only in testing, but also in demos and for other purposes. There are many ways to de-identify and mask data. Some are better than others. It all depends upon the type of data you're working with and the associated application or system. I briefly describe seven ways in which data can be masked and de-identified, in addition to an alternative for the slim chance that there is absolutely no way anything other than production data can be used for testing. The ultimate goal is to protect the privacy and confidentiality of PII while also making meaningful data available for testing, demos or analysis.
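As an added illustration of that goal (example code written for this page, not material from the podcast or one of its seven methods), the routine below masks the two data types named above, social security numbers and credit card numbers, so that each record keeps its shape and stays consistent across tables while the real values are gone. The masking key is a constructed assumption.

```python
import hashlib
import hmac
import re

# Constructed key for this example (an assumption): in practice it comes from a
# secrets store, is distinct per environment, and never travels with the masked data.
MASK_KEY = b"constructed-masking-key-for-the-test-environment"


def keyed_digits(label: str, value: str, n: int) -> str:
    """Derive n decimal digits from value with an HMAC keyed by MASK_KEY.

    Same input, same output: a customer present in several tables is still one
    customer after masking, but nothing can be reversed without the key.
    """
    digest = hmac.new(MASK_KEY, f"{label}:{value}".encode(), hashlib.sha256).digest()
    return "".join(str(b % 10) for b in digest)[:n]  # 32 digits available


def luhn_check_digit(partial: str) -> str:
    """Check digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)  # rightmost digit of partial is doubled
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    digits = re.sub(r"\D", "", number)
    return len(digits) > 1 and luhn_check_digit(digits[:-1]) == digits[-1]


def mask_ssn(ssn: str) -> str:
    """Consistent pseudonym in ###-##-#### shape, pinned to the 9xx area range,
    which the SSA does not issue as SSNs, so it cannot collide with a live number."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("expected a 9-digit SSN")
    p = keyed_digits("ssn", digits, 8)
    return f"9{p[0:2]}-{p[2:4]}-{p[4:8]}"


def mask_card(pan: str) -> str:
    """Consistent, Luhn-valid pseudonym with the original length and separators,
    so demo and test code that validates card numbers keeps working."""
    digits = re.sub(r"\D", "", pan)
    if not 13 <= len(digits) <= 19:
        raise ValueError("unexpected card number length")
    body = keyed_digits("pan", digits, len(digits) - 1)
    masked = iter(body + luhn_check_digit(body))
    return "".join(next(masked) if ch.isdigit() else ch for ch in pan)
```

Masked values derived this way are stable across runs only while the key is unchanged, so the key must be protected like any other credential and must not be stored alongside the masked data set.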


MP3: Rebecca Herold - Data De-identification and Masking Methods

Comments

Well said

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.