U.K. firms falling into data protection pitfalls

Nearly half of U.K. companies could be breaching the Data Protection Act (DPA) through the misuse of customer data, according to research published on Monday.

The study involved 100 U.K. IT directors, and found that 44 percent were using genuine customer data when developing and testing applications. This is a breach of the second principle of the DPA, which states that data should not be used for purposes other than those for which it was collected.

"It’s amazing so many U.K. companies are still using live customer data in test environments where the risk of its malicious use is so much greater," said Ian Clarke, global sales director for Compuware Enterprise Solutions, which commissioned the report.

The research, conducted by Vanson Bourne, also found 48 percent were only "vaguely familiar" with the detail of the Act itself.

"Lots of companies have taken stringent measures around the protection of customer data in the live production environment," Clarke told ZDNet UK. "But the numbers of people with no security clearance who can be exposed to that data can quadruple in the test environment."

Compuware said it was also concerned that 86 percent of those surveyed admitted sending live customer data offshore, often for development and test purposes, with nothing more than a non-disclosure agreement (NDA).

The DPA is enforced by the Information Commissioner, which warned that organisations need to take effective security precautions at all times, including when testing new systems.