• Header Test Data Obfuscation
    Test Data Obfuscation
    In our data we trust.


Recent Information security breaches have emphasised the need for the effective management of information, especially when it relates to an individual's data privacy.

The UK Data Protection Act 1998 (DPA) defines the legal basis for the handling of personal data and can issue fines of up to £500,000 for any breach. The seventh principle of the DPA requires that “appropriate measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”. It defines personal data as any data that can be used to identify a living person. It applies only to that data which is held on computers or held in a 'relevant filing system'.

Essentially, sensitive or personal information must typically be protected by several measures: hiding the details of the information using technical measures, restricting user access, and by controlling the information lifecycle.

Data obfuscation is a technical method that enables the concealment of the true meaning of sensitive information from anyone using it, such as testers and trainees, whilst keeping the obfuscated information realistic and therefore suitable for its intended use.

Overall, data obfuscation:

  • Will directly address the requirement that security measures are adopted to protect the data being processed.
  • Protects sensitive and personal information on non-production environments by replacing it with representative but fictitious data. In the event of a data loss involving obfuscated data, a non-authorized user may be able to read the information however it will not allow them to identify an individual from the details.
  • Complies with Governance and Risk requirements to have obfuscated data balanced against its usefulness for testing purposes.

A process should be adopted for the management of the obfuscation lifecycle, to include stakeholders from the testing and governance teams to create and approve a specification, from which the technical obfuscation of data can be developed.

The process and specification will also describe the data management control requirements for the security and destruction of the data.

Key Benefits

  • Prevents fines of up to £500,000
  • More efficient automated and manual testing practices
  • Forces environments to be managed more effectively


OGS Works, 2 Atherton Street, Manchester, M3 3GS


WeWork, Moorgate, 1 Fore Street, London, EC2Y 9DT


iTest Hub, XYZ Building, Spinning Fields