Website users’ private data sanitisation in development environments is important to ensure user data protection. DIGIT provides developers with access to sanitised versions of production databases to work in the development environments of websites hosted in the Drupal infrastructure. Sanitisation of default Drupal private information on production databases such as e-mails or passwords is done automatically. However, additional private or sensitive data stored in customised database tables and fields is not sanitised automatically. For this reason, when copying production databases to development environments, developers need to check if there are customised fields or modules that include user identifiable data (name, address, company, gender, etc.) or specific sensitive data which needs protection. In that case, they need to include appropriate sanitisation code in the Drush sanitise hooks to ensure sanitisation of that private or sensitive data.

Check the documentation on how to sanitise private data on Drupal 7, 8 and 9 projects.

From 1 May, DIGIT Quality Assurance team will include private data sanitisation verification as part of the code review process.