Can you imagine building software without testing it? It’s hard to believe there was a time when many software teams didn’t write tests, and just handed the testing off to a separate Quality Assurance team. I remember those days; I was writing web applications in Perl when I first discovered unit tests. I was blown away by how much time test-driven development saved me personally, and started trying to convert my whole team to a testing mindset.
Software quality tests, including unit tests and regression tests, have many benefits. Tests force you to define what quality means to your project. Tests act as documentation. Tests can pinpoint specific problems and save debugging time. Wouldn’t it be great if you could have similar benefits for your privacy program?
The Benefits of Technical Privacy Tests
Privacy tests also help in the same three ways.
- Privacy tests force you to define your main concerns and your threats. You move away from abstract definitions of who and why would cause a data breach. Writing technical privacy tests, even before you run them, will enhance your threat modelling, threat awareness, and likely always awareness of the sensitive data you hold.
- Privacy tests act as documentation for your team. For example, to run a technical privacy test you define expected and undesirable behaviours. Just like in a software unit test, you need to know the limits of your system. A privacy test can be specific and include enforceable definitions of expected behavior.
- Finally, privacy tests can save you time debugging. On average, companies need 100 days to contain a data breach, which doesn’t include the time to detect it (days or months) or clean up (usually months). By comparison, technical privacy tests should make that much snappier. Not only would they help prevent a data breach, but they would also help you detect, contain, and respond if one occurred. If you are running privacy tests, you have clear modular definitions of weaknesses and vulnerabilities. You can focus on checking and defending your weak spots, instead of sweeping your entire privacy program to understand what went wrong.
Testing is already well-established in the software engineering community. I expect technical privacy tests to similarly impact privacy and security programs moving forward.
Do you want to learn whether privacy testing would help your organisation?
Schedule a time to talk to us here
Time to Contain a Data Breach: