Councils divided over data protection

News 9 Dec, 2008

A new survey has found the vast majority of UK councils cannot guarantee that all sensitive data held on their laptops is encrypted.

As many as 90 per cent of the UK’s largest city councils cannot guarantee that all sensitive data held on their laptops is encrypted, according to research released today.

Of the 40 IT decision makers working for UK councils which were questioned by network solutions provider Telindus, nearly half said they had responded to recent data leakage incidents by reviewing or rolling out new security technologies to ensure sensitive data held on laptops is protected.

But 43 per cent had no immediate plans to upgrade their data protection. Telindus said that meant they were relying on password authentication and the diligence of staff to follow security policies that state sensitive data must not be transferred to laptops.

Paul Birdman, Telindus defence and public sector specialist, told IT PRO that councils had been concentrating IT investments on those projects that enable the transformational government measures mandated centrally.

“The addition of transformational government and mobile working had been piecemeal, not allowing these councils to look at security holistically,” he said.

And, with 92 per cent of respondents saying they enabled their staff to connect to the council network from remote locations, Birdman said these councils were running the risk of human error or malicious sabotage.

He added that, for those councils that had, encrypting data would certainly help protect data from the opportunist thief. “But the key is to stop them getting at that data in the first place, in which case, you need an understanding of layered security approaches that includes an end-to-end view of the network,” he said.

The research concluded that councils should boost security at all levels in the enterprise IT infrastructure, and think beyond encryption when reviewing their security measures. Telindus specifically advised councils to consider installing a ‘track and kill’ device on all laptops, for example.

Birdman added: “But it’s important not overlook the ability to have redundancy and backup if someone does get at sensitive data. The ability to have redundancy and ensure the data is backed up is another part of the story. With other research [saying] it costs councils as much as £57 per line of lost data, they can’t afford to ignore the problem.”