A disclosure state machine for Robin
By davew on Mar 27, 2007
I think I have an answer, although it involves a lot more housekeeping and records management on the part of the person managing the disclosure. In short:
- Start with your database, containing some bogus records.
- When a disclosure demand comes in, change sensibly-changeable elements of all the bogus records and archive the details of what the new bogus records are and who the disclosure is being made to.
- Take your database snapshot.
- Change your bogus records back to what they were (ie your "internal bogus" set).
- Protect and ship your snapshot as required.
- Iterate for each disclosure, making sure that a bogus profile is never wholly replicated across disclosures
As Robin adds, "There's also a very predictable short-term consequence, which is that if you include the bogus records, you'll get a deluge of fraud allegations from the Audit Commisson because you appear to have a load of non-existent people on your payroll - with bank details and everything."
As usual, he's quite right. I suspect that persuading the Audit Commission to accept and approve the concept of bogus records would be "difficult" to say the least, but things may well have to go that way. Maybe a better way to do "Full Disclosure" to the Audit Commission in particular when they decide to land on you, would be to send a separate and differently-protected disclosure to them, saying "and these are the bogus records in the main disclosure we just sent you"?
Robin thinks that this is very much "swings and roundabouts" - I'm more inclined to see it as "turtles all the way down" :-).