Hi Philip,

it’s the same for us, we have very strict regulations here too.

When i set up my Koha testing instance 2 years ago, i imported around 600 fake userdata, that was enough for functionality and usability tests but of course not for performance testing. And it is far from reality, because you are dealing with ‚perfect‘ user data and not the chaotic things you have in the actual system like multiple first names.

So i’d go for anonymizing the data at a very minimal level by script, if you have some developers at hand.

Greeting Steffi

 

Von: user-mgmt@ole-lists.openlibraryfoundation.org <user-mgmt@ole-lists.openlibraryfoundation.org> Im Auftrag von Philip Robinson
Gesendet: Mittwoch, 3. Juli 2019 18:48
An: user-mgmt@ole-lists.openlibraryfoundation.org
Betreff: Re: User data in test environments

 

The primary concern is PII + FERPA data. Cornell has stringent requirements on how to handle that. We'd need to have our IT Security Office do an in-depth evaluation of the system, there are regulations about encrypting, backing up, storing, and deleting the data, and we'd want to have far more robust in-app security than our test system currently has (it's basically all-or-nothing right now). It's also not SSO yet, which is something we want.

 

Our PeopleSoft team uses an anonymizer tool on their test environments, so that should address some of the weaknesses.

 

Another dimension of this is what if FOLIO institutions want to share data sets for troubleshooting etc? How should we manage that?

 

 

 

Philip Robinson

Director of Library Systems

Cornell University

(607) 255-0098

www.library.cornell.edu


From: user-mgmt@ole-lists.openlibraryfoundation.org <user-mgmt@ole-lists.openlibraryfoundation.org> on behalf of Erin Nettifee <erin.nettifee@duke.edu>
Sent: Wednesday, July 3, 2019 12:28:51 PM
To: user-mgmt@ole-lists.openlibraryfoundation.org
Subject: RE: User data in test environments

 

Out of curiosity, Phil, what are the gaps that you all are seeing between the local instance and your standards for housing private data?

Erin


-----Original Message-----
From: user-mgmt@ole-lists.openlibraryfoundation.org <user-mgmt@ole-lists.openlibraryfoundation.org> On Behalf Of Philip Robinson
Sent: Wednesday, July 3, 2019 11:13 AM
To: user-mgmt@ole-lists.openlibraryfoundation.org
Subject: User data in test environments

Hi,

Seeking some sage counsel from our SIG ...

Our FOLIO data migration team is trying to get a handle on privacy issues for doing test loads of user data. In a meeting today three options were considered:

- Anonymizing user data
- Bringing the test system (in our case, a local FOLIO instance) up to standards that would allow it to house private data
- Testing with only a small group of select users (staff members who give us permission)

My initial response to them was to anonymize the data. Maybe some whizbang developer could run an efficient script to give everyone a random first and last name, phone number, etc.

I’d eventually like to see the test system (and certainly the prod system) brought up to privacy standards, but we’re a bit hamstrung by whatever the FOLIO developers throw at us in their releases. I opined that the third option isn’t great, because the pool of user data would be too small.

How are your institutions dealing with test user data? Do you have recommendations?

Thanks!

Phil


 
Philip Robinson
Director of Library Systems
Cornell University
(607) 255-0098
www.library.cornell.edu
 


To unsubscribe from this list please go to https://urldefense.proofpoint.com/v2/url?u=http-3A__www.simplelists.com_confirm.php-3Fu-3DmSqmaJzM1rGNkoh00drADsavQrz31wcM&d=DwIGaQ&c=imBPVzF25OnBgGmVOlcsiEgHoG1i6YHLR0Sj_gZ4adc&r=V6wYZ_ugeMEfaUTYQDN-iDFY0gVE7E-duUuihBgxZuM&m=SVZu7swZ8cUvlwB0A_WtN8PnWDTZp1rj7-0xKzgj0eY&s=UTAj3s-IcmFLAQMZuDsSRRbNf3yygLYNDzxFHXq-LQ0&e=
To unsubscribe from this list please go to http://archives.simplelists.com

To unsubscribe from this list please go to http://www.simplelists.com/confirm.php?u=Fz0Lqg7hWvXFap8ocsrRjjR2CfVrOPGc