In the Netherlands the use of random data has been discussed during several meetups and conferences of TestNet, the Dutch Special Interest Group in Software TestingS
- Random data like Social Security Number can be generated using a random generator while checking on validation rules.
- From a legal point of view there is a chance that you might use an existing Social Security Number. Even if the person whose number is used, does not use the software, then there is private data in the test data.
- Personally I would not be surprised, that privacy laws like GDPR and CCPA are broken in this particular case.
- For testing purposes, there is a limited set of Social Security Numbers available in the Netherlands.
- The random data issues might also apply on credit cards numbers and the like.
- I am not a legal expert, so I advise you to talk with the Legal department.
- One last warning: I once tested a tool which obfuscated production data. During my exploration of the environment I found the production data on an unexpected location.