Current data protection legislation in most of the developed world has the requirement to have no-one accessing personally identifiable information without cause and consent from the people owning that data. This includes masking the data when moving it from production to other systems. This legislation has been in place for over 5 years and has been warned of for over 10, meaning it should be in place in all mainstream systems by now.
There is no automated process of doing this in Dynamics, which means Microsoft support are saying an admin login should remain, then go in and change the data manually each time data is copied. There are a few code snippets suggested for doing this in SQL, meaning Microsoft are aware of how simple this could be to do centrally.
In an environment that is not well normalized, the volume of data exposed to developers, testers etc. is immense and it would be very easy for an admin to miss some. This needs to be corrected so you are not selling a product which leaves people easily exposed to substantial fines when they breach these laws. In the UK this is GDPR, there are equivalents in the US, EU etc. and there have been seriously damaging fines levied for breaches of all of them.
This needs to be remedied. It should ideally have been done over 5 years ago. Now it should be treated as urgent.
Comments
Current data protection legislation in most of the developed world has the requirement to have no-one accessing personally identifiable information without cause and consent from the people owning that data. This includes masking the data when moving it from production to other systems. This legislation has been in place for over 5 years and has been warned of for over 10, meaning it should be in place in all mainstream systems by now.
There is no automated process of doing this in Dynamics, which means Microsoft support are saying an admin login should remain, then go in and change the data manually each time data is copied. There are a few code snippets suggested for doing this in SQL, meaning Microsoft are aware of how simple this could be to do centrally.
In an environment that is not well normalized, the volume of data exposed to developers, testers etc. is immense and it would be very easy for an admin to miss some. This needs to be corrected so you are not selling a product which leaves people easily exposed to substantial fines when they breach these laws. In the UK this is GDPR, there are equivalents in the US, EU etc. and there have been seriously damaging fines levied for breaches of all of them.
This needs to be remedied. It should ideally have been done over 5 years ago. Now it should be treated as urgent.
Category: General