Scrubbing Production Data For Test?
We had an issue today where several thousand customers received a notification in error due to a subset of data from our production system being used in a test system. There's been some disagreement between our team as to the best way to handle this. Management wants to scrub the production data, while some team members want to leave the (non-sensitive) data as-is.
Is there a general best practice for this? We already scrub sensitive information when using data in our test environments, but what about scrubbing less sensitive information such as email address or phone number?
We consider email and phone numbers as sensitive data. These fall into the category of "Personally Identifiable Information" (PII). We scrub all PII.
Check out the Wikipedia definition of PII.