Has lack of access to data due to security been an issue for you? We’ve been running into this more and more lately. The rules surrounding SOX and HIPAA have been interpreted in such a way by many companies that it makes it nearly impossible to do efficient development. We spend more time jumping through hoops trying to figure out how we can code for data that our development team is not even allowed to see. In some cases, our clients’ legal departments have completely shut down our development team’s ability to see any real data that includes personal information.


There are some options out there to work around this issue. One option is to de-identity data. Another option is to manufacture data to be used for development. While these options can help you stay within legal compliance while still getting development done, they add additional work as well as a layer of complexity and uncertainty. The act of de-identifying data could mask underlying issues with the data that won’t be discovered until the solution is migrated to production and real data is pumped through it. The cost of fixing the solution at that point is 100x the cost of fixing it back at the design stage.


The same can be said about engineering data for development and testing. Clever developers know how to manufacture data in such a way that all the data anomalies that are known about can be tested. But once again, there may be other anomalies in the data that simply won’t be recognized until the real live production data is used. In the mean time, the development teams continue to develop the best they can based on the best information they’re able to get their hands on. And we’re spending a lot more time educating our clients on the need for extra development time based on the lack of quality data that is available during the development and testing phases.