Case Study

IMIS Database Anonymisation


Background

Allowing a 3rd party to take your database offsite is high risk for many reasons, most notably your database may be full of sensitive information including credit card numbers and passwords (albeit encrypted). No organisation wants to be in breach of privacy laws or internal policies, and so this limits your ability to have your data analysed by marketing and communication organisations and other technical services providers.

The Goal

We wanted to be able to take a customer's database and remove any trace of personal data while leaving a strong setup for testing and QA.

The Solution

We built a series of scripts that run across your iMIS database to anonymise the data. This is a semi-automated process executed in sequence that: Replaces company names, contact names and addresses with random data Truncates a series of tables to remove the ability to derive the above information Removes your saved CreditCard Authorisation usernames/passwords Resets all email addresses Writes over all credit card transactions with dummy data Writes over all EFT saved credit cards and transactions with dummy data Removes all notes from all contact records Resets usernames and passwords for all public users This process only takes a few minutes to run and leaves your database still fully accessible through the standard iMIS interfaces.

The Outcome

Running this process allows your database to now be safely backed up and taken offsite allowing 3rd parties to analyse and review your data for analysis purposes without comprimising your organisations most valuable asset.