Compliance

Working with limited production data access

Development teams can have complete information without compromising security and compliance policies.


Personally Identifiable Information (PII)

According to the National Institute of Standards and Technology, PII is information that can be used to distinguish or trace an individual’s identity — such as name, social security number, biometric data records — either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).

Logs

The first problem is, of course, with logs. Many logs may contain Personally Identifiable Information (PII). Here is a list of recommendations:

People often forget about exception messages that show up on stack traces. As you review the calls to log entries, please also review the exception messages and clean them up.

2- Search your logs using regular expressions to find emails, phone numbers, zip codes, addresses, etc.
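The regex search from item 2, run over constructed log lines that include an exception message of the kind described above. This is an added example, not code from the original article; the patterns assume US-style formats, and the names `PATTERNS`, `mask` and `scan_lines` are illustrative.

```python
import re

# Assumed patterns for this example (US-style formats); tune them per locale.
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"(?<!\d)(?:\+1[ .-]?)?\(?\d{3}\)?[ .-]\d{3}[ .-]\d{4}(?!\d)"),
    # Bare 5-digit numbers are too noisy, so require a "zip" key next to them.
    "zip": re.compile(r"(?i)\bzip(?:_?code)?[=: ]+\d{5}(?:-\d{4})?\b"),
}

# Constructed sample log; every value in it is made up.
SAMPLE_LOG = [
    "2024-01-10 12:00:01 INFO  order 1842 shipped",
    "2024-01-10 12:00:02 INFO  password reset sent to jane.doe@example.com",
    "2024-01-10 12:00:03 ERROR Unhandled exception in billing worker",
    "ValueError: cannot parse customer record ssn=123-45-6789 phone=(555) 010-0199",
    "2024-01-10 12:00:04 DEBUG address lookup zip=94107 ok",
]


def mask(value):
    """Keep two characters so the report itself does not become a new PII leak."""
    return value[:2] + "*" * (len(value) - 2)


def scan_lines(lines):
    """Return (line number, PII kind, masked match) for every hit."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((lineno, kind, mask(match.group(0))))
    return findings


if __name__ == "__main__":
    for lineno, kind, masked in scan_lines(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {masked}")
```

The line numbers in the output point back to the log statement or exception message that needs cleaning up.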

Data scrambler

Scramble PII

Policies around PII collection

Your organization should have policies to guide PII collection. As part of these policies, you must ensure that any new PII is scrambled by the scrambler tool. In other words, adding PII to the data storage means that you also have to add it to the scrambler.

Fewer tickets for development teams means friction with data access

One more thing to consider is to empower your Customer Support team to handle more issues independently. Here’s a post about it:

Peter P. Lupo

Many management blogs focus on soft skills. This blog is about hard skills! Measurement, indicators, approaches, etc., for Software Engineering Management.