Production data, that is real data from “customers” that is gathered or used in the production environment, should not be used in non-production environments. Non-production environments include, but are not limited to, development, quality assurance (QA), test, and user acceptance testing (UAT).
Non-production environments have more access and less security, leading to more exposure of information and more likelihood of unintended disclosure. Organizations want to minimize the risks to their data and protect the privacy of their customers or users.
Organizations expect that their data will not be used in non-production environments. Stand-in data should be used. This data is very similar to the production data in format, but does not include the actual data.