8.9 Private data: In certain situations, due to security concerns, target systems or data transformation developers and technical support personnel may not have access to some production data. One possible scenario is that along with source data, a set of test data may be extracted from the source data and masked to filter out sensitive or private data for transformation testing. If this cleaned data is not available, an additional task will be required to extract the data for transformation and application testing. The development of cleaned test data should be included in the requirement development phase and should be authorized by security personnel and business owners of the source data. However, not using production data during the early stages of data transformation testing poses a risk. Therefore, the cleaned data prepared for testing should be complete, and created from recent production data. If a high-level analysis of production data is not performed, the risk increases. Whenever possible, a high-level analysis of the production data should be conducted after obtaining the necessary authorization. If performing a high-level analysis on production data is not allowed, it should be considered as a project risk and mitigation measures should be planned. The later stages of data transformation testing, as well as the final user acceptance testing based on transformed data, should utilize uncleaned data, as should the production data transformation testing. A plan should be made to ensure that, in the final testing phase, authorized personnel gain access to sensitive data to facilitate comparison between the source and target data structures.