{"id":346,"date":"2012-03-02T21:37:20","date_gmt":"2012-03-02T21:37:20","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=346"},"modified":"2012-11-24T20:46:02","modified_gmt":"2012-11-24T20:46:02","slug":"data-protection-dont-forget-to-sanitise","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/","title":{"rendered":"Data Protection &#8211; Dont forget to sanitise!"},"content":{"rendered":"<p>Staff training is an essential part of every business. The better trained your staff are, the more motivated and efficient they are likely to be. For your training to work, it has to be a realistic simulation of the actual work your employees do.<\/p>\n<p>However, based on the ICO&#8217;s findings this week, it seems Durham University went a step too far in delivering realistic training:<\/p>\n<p>From the <a title=\"University published personal data in online training manual\" href=\"http:\/\/www.ico.gov.uk\/news\/latest_news\/2012\/university-published-personal-data-in-online-training-manual-01032012.aspx\" target=\"_blank\">ICO news release for 1 March 2012<\/a>:<\/p>\n<blockquote><p>Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website, the Information Commissioner\u2019s Office (ICO) said today.<\/p>\n<p>The personal data was contained in screenshots used to demonstrate the use of particular University systems and included details such as names, addresses and dates of birth of up to 177 former students and staff. The information &#8211; which had not been anonymised &#8211; was made available on the University\u2019s website in February 2011. 
The University discovered the error in July 2011 and removed the material before reporting the matter to the ICO.<\/p><\/blockquote>\n<p>Durham\u00a0University\u00a0is not alone here, and a similar problem is faced by every organisation that wants to build Service Continuity or system testing platforms.<\/p>\n<p>If you are processing sensitive data &#8211; be it personal data, or\u00a0commercially\u00a0sensitive &#8211; <strong>you must ensure that every environment you use is appropriate<\/strong>. Hackers don&#8217;t care if you are on a development system, and identity thieves don&#8217;t care if it is training material &#8211; all that matters is whether they can access the data or not.<\/p>\n<p>Where live data\u00a0isn&#8217;t\u00a0required (test systems, training material etc.), a much better solution is to sanitise the data (sometimes\u00a0referred\u00a0to as obfuscation), which involves replacing some or all of the data with meaningless information but maintaining the structure. A common example is replacing names with randomised strings of letters, and dates of birth with fictional data such as 31\u00a0February.<\/p>\n<p>Whenever you generate sanitised data, care must be taken to ensure it really is fictional. If you are generating personal data, for example, then should your system produce data which unintentionally matches a living person, you must treat it as live personal data.<\/p>\n<p>Alternatively, if you really must use live data in your training materials, development \/ testing environments or whatever, you must ensure that the correct security controls are in place to prevent its unauthorised loss, disclosure or modification.<\/p>\n<p>Don&#8217;t repeat the mistakes of Durham University.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Staff training is an essential part of every business. The better trained your staff are, the more motivated and efficient they are likely to be. 
For your training to work, it has to be a realistic simulation of the actual work your employees do. However, based on the ICO&#8217;s findings this week, it seems Durham [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5,3],"tags":[24,140,46],"class_list":["post-346","post","type-post","status-publish","format-standard","hentry","category-security","category-securitynews","tag-data-protection","tag-security","tag-security-management","entry"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Data Protection - Dont forget to sanitise! - Halkyn Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Protection - Dont forget to sanitise! - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"Staff training is an essential part of every business. The better trained your staff are, the more motivated and efficient they are likely to be. For your training to work, it has to be a realistic simulation of the actual work your employees do. 
However, based on the ICO&#8217;s findings this week, it seems Durham [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-03-02T21:37:20+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-11-24T20:46:02+00:00\" \/>\n<meta name=\"author\" content=\"Taz Wake - Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/tazwake\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Taz Wake - Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/\"},\"author\":{\"name\":\"Taz Wake - Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\"},\"headline\":\"Data Protection &#8211; Dont forget to sanitise!\",\"datePublished\":\"2012-03-02T21:37:20+00:00\",\"dateModified\":\"2012-11-24T20:46:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/\"},\"wordCount\":406,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Data Protection\",\"Security\",\"Security 
Management\"],\"articleSection\":[\"Security\",\"Security News\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/\",\"name\":\"Data Protection - Dont forget to sanitise! - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2012-03-02T21:37:20+00:00\",\"dateModified\":\"2012-11-24T20:46:02+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Data Protection &#8211; Dont forget to sanitise!\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management 
Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc\",\"name\":\"Taz Wake - Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g\",\"caption\":\"Taz Wake - Halkyn Security\"},\"description\":\"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private 
sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\",\"https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Protection - Dont forget to sanitise! - Halkyn Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/","og_locale":"en_GB","og_type":"article","og_title":"Data Protection - Dont forget to sanitise! - Halkyn Security Blog","og_description":"Staff training is an essential part of every business. The better trained your staff are, the more motivated and efficient they are likely to be. For your training to work, it has to be a realistic simulation of the actual work your employees do. 
However, based on the ICO&#8217;s findings this week, it seems Durham [&hellip;]","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/","og_site_name":"Halkyn Security Blog","article_published_time":"2012-03-02T21:37:20+00:00","article_modified_time":"2012-11-24T20:46:02+00:00","author":"Taz Wake - Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/tazwake","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Taz Wake - Halkyn Security","Estimated reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/"},"author":{"name":"Taz Wake - Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc"},"headline":"Data Protection &#8211; Dont forget to sanitise!","datePublished":"2012-03-02T21:37:20+00:00","dateModified":"2012-11-24T20:46:02+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/"},"wordCount":406,"commentCount":0,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["Data Protection","Security","Security Management"],"articleSection":["Security","Security News"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/","name":"Data Protection - Dont forget to sanitise! 
- Halkyn Security Blog","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2012-03-02T21:37:20+00:00","dateModified":"2012-11-24T20:46:02+00:00","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2012\/03\/data-protection-dont-forget-to-sanitise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Data Protection &#8211; Dont forget to sanitise!"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security &amp; Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn 
Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/6eb0b544119827df120fb596772d25bc","name":"Taz Wake - Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6689803eeae3e16b54fab3a7a1dfd1a5ee70f3ca1a83e77278a1b1adfedc4260?s=96&d=retro&r=g","caption":"Taz Wake - Halkyn Security"},"description":"Certified Information Systems Security Professional with over 19 years experience providing in-depth security risk management advice to government and private sector organisations. Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones. Additionally, direct experience carrying out investigations into security lapses, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident. Has a detailed understanding of the Security Policy Framework (SPF) and JSP440, as well as in depth expertise in producing cost-effective solutions in accordance with legislative and regulatory guidelines. 
Experienced in accrediting establishments and networks as well as project managing the development of secure, compliant, workable business processes.","sameAs":["http:\/\/www.halkynconsulting.co.uk","https:\/\/twitter.com\/https:\/\/twitter.com\/tazwake"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/tazwake\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-5A","jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=346"}],"version-history":[{"count":3,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/346\/revisions"}],"predecessor-version":[{"id":348,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/346\/revisions\/348"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=346"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}