We are creating several software simulations for company training. Since we are in the financial industry, our software systems often include SSN's in the data files. We have some dummy files created, but they do not go into depth as much as they should when compared to the "live" files. Our training in completely internal.
Do you create the training from "live" files and mask personal information? Or, since the training is strictly internal, is it not a concern?
When I create software simulations for one off situations, I create the training from "live" sources, mask the personal information for the simulation and then delete the source materials.
If the information is especially sensitive then I have dummy files created in the live system instead. In those cases, I keep the .story files.
We always use dummy info. We create in-depth data, as much as needed, and only then record.
In our case, the real data is data of customers of our customers. So we can never use real data. If massive data is required for testing purposes, then all the sensitive info will be changed into dummy before using it. So most of the data is real, but you can associate it with the people it came from.
Since we sometimes create training environments for our customers to use for training, we will create dummy data which has complex situations as the real data might have/ Yes, this can be a lot of a hassle to the run the processes to create such a data...
I use dummy data - I'm in healthcare so cannot use real data. I create a fake patient in our test system and make sure all fields are filled in. I work with a clinical person to make sure the data is correct even in fields we won't cover (I don't want them to mistrust the training because, for example, they noted that we had a medication that doesn't match the diagnosis).
We base that decision on if the data displayed in the course is already accessible to the learners. A lot of my software courses do contain real accounts because my audience has full access to them already. However, there are no SSNs included. I highly recommend blurring or covering those in the editing process. What tool are you using? This can be a pretty simple task, even in screencasting.
When I need to manipulate an account and don't want to make changes to a real one, that's when I build some dummy accounts. Usually the developers can make me several to use for training purposes. Or check and see if they have a QA version or sandbox they use for testing.
Thanks everyone for the responses. I have been requested to use live files because each file can vary greatly and we want to give the learner the chance to experience these differences. We have a few dummy files out there, but nothing too detailed. I have been working to make those files more realistic.
Currently, I am using Captivate for my simulations. I have been masking and/or creating fake information. This can be quite time consuming in my larger courses.
We are considering Storyline, but cost is an issue for us. I currently have Articulate Studio 09. It's difficult to justify $1400 for Studio and another $1400 for Storyline.
Careful masking the info. If I remember correctly, the masks don't destroy / obscure the info below and an industrious decompiler could easily extract the images.
Brad, is the SSN only on the main screen or throughout? Can I ask what software is?
If you already have the simulation/screencast, a work-around I have used is to create a custom callout. (I prefer blur to a solid black rectangle or anything else that can be distracting.) Then position it to appear over the SSN and on the timeline extend it to the full length of the recording (or as long as the SSN is on the screen)
If this is for internal employees that have access to the accounts anyway, this may be sufficient. If this is in any way external, I wouldn't risk it. Steve scared me
Maybe just use a dummy screen for the start page (if that's the only place the full social is displayed) and then switch to a real account once you're demonstrating functionality.
Forgive me if you are already familiar with this, but here is an older post from Tom that includes some great tips for software training. I use them all the time instead of recording lengthy screencasts.
It is crucial that if you do use real data, you hae an extra detailed QA before finalizing the materials.
We might create materials for internal use or external use, or both, and in some cases the customer will recieve the source files, so in any case we cannot use real personal\sensitive data.
The SSN is throughout the courses. We use 3 different software systems when we process files. What I have done is created a dummy number and merged it into the background. This eliminates the object from the timeline and becomes part of the background image. I prefer this over extending, because it is easy to miss extending an object in the timeline and having the number appear.
All of our courses are internal and stored on an internal web server. We have not purchased an LMS yet.
I prefer to totally avoid the whole SSN issue, but when using live data, I'm kinda stuck.
Sounds like your solution is pretty similar to ours, Brad. You have to make do with what you can, I suppose.
We often request practice/model system access & usually don't get it (time,money,etc). As a compromise, we've been building out linear simulations to at least get people clicking and "using" the software before letting them loose on the live environment.
Let me see if I can shed some light on this. I'm a techie who has been working with collection agencies and collection software for over 12 years. I believe you are in the same boat that we are; you really need to safeguard the data due to HIPPA regulations, Information Privacy rules, and FDCPA (Fair Debt Collection Protection Act). With that said I would make everything except the last four of the social masked. The next thing you need to do is mask the Driver's license number and definitely the person's date of birth. You DO NOT need to set yourself up for a lawsuit. Think about it. How well do you really know the people who will be taking your training? Just when you think you know somebody, they do something that totally blows your mind. To protect your company from lawsuits, you really need to "sanitize" you data. Also make sure that data files sent to you containing this information is zipped /encrypted and password protected. The password is never in the same email as the data file. Unless you are using some type of HTTPS or FTPS method of data transfer, emails may be intercepted.
In short when dealing with sensitive data it's better to be cautious than have a suit filed against you.
11 Replies
When I create software simulations for one off situations, I create the training from "live" sources, mask the personal information for the simulation and then delete the source materials.
If the information is especially sensitive then I have dummy files created in the live system instead. In those cases, I keep the .story files.
We always use dummy info.
We create in-depth data, as much as needed, and only then record.
In our case, the real data is data of customers of our customers.
So we can never use real data. If massive data is required for testing purposes, then all the sensitive info will be changed into dummy before using it. So most of the data is real, but you can associate it with the people it came from.
Since we sometimes create training environments for our customers to use for training, we will create dummy data which has complex situations as the real data might have/ Yes, this can be a lot of a hassle to the run the processes to create such a data...
Good luck!
I use dummy data - I'm in healthcare so cannot use real data. I create a fake patient in our test system and make sure all fields are filled in. I work with a clinical person to make sure the data is correct even in fields we won't cover (I don't want them to mistrust the training because, for example, they noted that we had a medication that doesn't match the diagnosis).
We base that decision on if the data displayed in the course is already accessible to the learners. A lot of my software courses do contain real accounts because my audience has full access to them already. However, there are no SSNs included. I highly recommend blurring or covering those in the editing process. What tool are you using? This can be a pretty simple task, even in screencasting.
When I need to manipulate an account and don't want to make changes to a real one, that's when I build some dummy accounts. Usually the developers can make me several to use for training purposes. Or check and see if they have a QA version or sandbox they use for testing.
Thanks everyone for the responses. I have been requested to use live files because each file can vary greatly and we want to give the learner the chance to experience these differences. We have a few dummy files out there, but nothing too detailed. I have been working to make those files more realistic.
Currently, I am using Captivate for my simulations. I have been masking and/or creating fake information. This can be quite time consuming in my larger courses.
We are considering Storyline, but cost is an issue for us. I currently have Articulate Studio 09. It's difficult to justify $1400 for Studio and another $1400 for Storyline.
Careful masking the info. If I remember correctly, the masks don't destroy / obscure the info below and an industrious decompiler could easily extract the images.
Brad, is the SSN only on the main screen or throughout? Can I ask what software is?
If you already have the simulation/screencast, a work-around I have used is to create a custom callout. (I prefer blur to a solid black rectangle or anything else that can be distracting.) Then position it to appear over the SSN and on the timeline extend it to the full length of the recording (or as long as the SSN is on the screen)
If this is for internal employees that have access to the accounts anyway, this may be sufficient. If this is in any way external, I wouldn't risk it. Steve scared me
Maybe just use a dummy screen for the start page (if that's the only place the full social is displayed) and then switch to a real account once you're demonstrating functionality.
Forgive me if you are already familiar with this, but here is an older post from Tom that includes some great tips for software training. I use them all the time instead of recording lengthy screencasts.
It is crucial that if you do use real data, you hae an extra detailed QA before finalizing the materials.
We might create materials for internal use or external use, or both, and in some cases the customer will recieve the source files, so in any case we cannot use real personal\sensitive data.
The SSN is throughout the courses. We use 3 different software systems when we process files. What I have done is created a dummy number and merged it into the background. This eliminates the object from the timeline and becomes part of the background image. I prefer this over extending, because it is easy to miss extending an object in the timeline and having the number appear.
All of our courses are internal and stored on an internal web server. We have not purchased an LMS yet.
I prefer to totally avoid the whole SSN issue, but when using live data, I'm kinda stuck.
Sounds like your solution is pretty similar to ours, Brad. You have to make do with what you can, I suppose.
We often request practice/model system access & usually don't get it (time,money,etc). As a compromise, we've been building out linear simulations to at least get people clicking and "using" the software before letting them loose on the live environment.
Good luck with the sims!
Let me see if I can shed some light on this. I'm a techie who has been working with collection agencies and collection software for over 12 years. I believe you are in the same boat that we are; you really need to safeguard the data due to HIPPA regulations, Information Privacy rules, and FDCPA (Fair Debt Collection Protection Act). With that said I would make everything except the last four of the social masked. The next thing you need to do is mask the Driver's license number and definitely the person's date of birth. You DO NOT need to set yourself up for a lawsuit. Think about it. How well do you really know the people who will be taking your training? Just when you think you know somebody, they do something that totally blows your mind. To protect your company from lawsuits, you really need to "sanitize" you data. Also make sure that data files sent to you containing this information is zipped /encrypted and password protected. The password is never in the same email as the data file. Unless you are using some type of HTTPS or FTPS method of data transfer, emails may be intercepted.
In short when dealing with sensitive data it's better to be cautious than have a suit filed against you.
Hope that clarifies the issue.
James
This discussion is closed. You can start a new discussion or contact Articulate Support.