Sometimes governments can be forward-thinking – no, really bear with me – and initiatives arrive you can quietly applaud.

The Welsh Assembly Government’s e-Crime Wales is a partnership of organisations, agencies and the police – that it has dedicated police business liaison officers is thought to be a world’s first.

Data loss and security breaches are a growing problem for businesses everywhere and Detective Constable John Cherry recently confirmed something most organisations are aware of when he said: “I have found that 70 per cent of threats come from within companies, either through malicious abuse of data or simple employee ignorance of existing threats.”

A Computer Security, Issues, & Trends report placed the risk of security breaches from employee and former employees even higher, at 81 per cent.

But when government gives with one hand it can certainly take with the other and data protection issues are ever pressing (no matter that government departments have breached their own DPA principles).

When the Nationwide Building Society was fined £980,000 by the FSA for failing to manage information security back in 2007, everyone sat up and took notice.

Now the UK Information Commissioner has made it clear that companies found wanting can be hit by ‘unlimited fines’ and that it is down to the ‘data controller to comply with the data protection principles’, day-to-day demands on data use are brought into sharp relief.

No matter the security polices that are drafted, unless operational integrity is in place, good intentions will come unstuck. And when it comes to testing and development, testing on copies of production data contains unavoidable risks.

Discussions have recently centered on using representative or “fake” data for testing and development. No, there is no other secure way – not even data obfuscation. Seeing as we’re now hearing that masking algorithms can easily be re-engineered (read: http://www.guardian.co.uk/technology/2010/jan/24/computer-security-crime-anonymous-datasets) the time is now to get on the train.

Even if you set aside the advantages of the time and space saved, synthetic data is the most secure and completely compliant – it seems the case for producing synthetic data is copper-bottomed.