Test Data Usage and Protection 📜

All about ensuring data privacy during testing

Written by Doris Sooläte
Updated yesterday

This article presents a requirement for our freelancers. Failure to follow the process might represent a breach of the Freelancer Services Agreement.

In today's digital landscape, where data privacy is of utmost importance, it is crucial to exercise caution when using test data that may contain personal or sensitive information.

What is considered sensitive data?

  • Social security numbers

  • Payment method details (bank card number, bank account information, alternative payment method account details). This covers both personal payment methods and payment methods provided by Testlio teams

  • Personal identification document (driver's license, passport, or other equivalent document)

  • Precise geolocation

  • Passwords and credentials to account(s) beyond the direct system under test (e.g., the application under test integrates with another service by using direct username/password access - such as a car charging management app requiring access to the car manufacturer’s app credentials)

  • Under GDPR and CCPA, sensitive information also includes any of the following:

    • Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;

    • Trade-union membership;

    • Genetic data, biometric data processed solely to identify a human being;

    • Health-related data;

    • Data concerning a person’s sex life or sexual orientation.

Guidelines for securing sensitive data

  • Do not include sensitive data in the issue title or in the issue report body

  • Make sure you blur all sensitive data featured in the screenshot or video recording in your issue report attachments

  • Be mindful of featuring sensitive data in the Testlio platform, Rocket.Chat, or any direct message chats or channels

Recommendations

  • Ensure that the chosen test data is relevant to the context of the application

  • Ensure the availability of appropriate test data - the data used for testing should be suitable for public exposure:

    • Avoid using sensitive and private content when testing an application (e.g. family photos, financial invoices, etc.)

    • Be mindful when exposing your screen during screen recording - ensure there isn’t anything personal / sensitive that you do not want others to see.

      • This also applies to showing other workspaces that you might have access to on the Testlio platform.

  • Some testing scenarios might require the use of other applications that are installed on your device - such as email clients. Make sure that you don’t expose anything personal in the screen recording in such cases.

    • Also be mindful of Testlio invites that may reside in your inbox.

Reminders

  • Cross-using test data from other applications that you might have tested is strictly prohibited.

#TestlioBot
