Accidental data escapes are also a major concern. Usually this type of event involves connectivity to the wider world somehow being left in place as the test system is copied from the production system. We have all read stories in the press of test mail shots accidentally being sent or invoice/payroll/check runs in a development database somehow connecting and actually performing real actions. Masking the test data,, besides protecting against deliberate acts also helps prevent impossible to predict accidents where sensitive data is inappropriately used.