Plugging public sector data leaks

Inside the Enterprise: government bodies seem unable to take information security seriously. Unless they do, the public will remain wary of using government services online.

data leaks

COMMENT: News that a full 132 local authorities have lost citizens' data over the last three years will surprise few security experts, and few CIOs.

Central and local government in the UK has progressively tightened policies around data security, improved access controls, and invested in data loss prevention technologies. Since the loss of the records of 25 million people by HMRC in 2007, controls over how data is stored and shared have become more rigorous. But as the latest research, compiled by Big Brother Watch, shows there is still a long way to go.

Advertisement - Article continues below

It is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes.

Nearly a third of councils lost data, Big Brother Watch found, and only 55 out of 1,035 incidents were reported to the Information Commissioner's Office. The privacy group had to resort to Freedom of Information requests to obtain the information, which in itself says a lot about a lack of transparency around the issue, in some public sector circles.

And it is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes. Although it is by no means the case everywhere, a significant minority of public sector staff appear to have a less than responsible attitude to the personal data they hold.

Advertisement
Advertisement - Article continues below

Nor do managers seem to be enforcing existing data security rules withy much rigour; according to Big Brother Watch, just nine of the one-thousand-plus data breaches resulted in a member of staff losing their job. In some authorities, copying personal identifiable data onto insecure or personal devices, including laptops and USB drives, seems to be tolerated at the very least.

Advertisement - Article continues below

Tim Patrick-Smith, CTO of IT services provider Getronics, describes a scenario where CIOs are "playing catch up" with staff who increasingly use consumer devices at work, and who need to balance flexibility with security policies. But he also suggests that a change in approach to data security with the data, rather than devices, being secured -- may be the only practical way to solve the problem.

Another answer could lie in a new EU data protection framework, expected as early as January 2012, which may force organisations to report data breaches. This would follow a similar model already operating in California.

"A statutory duty to report a data security breach should help focus the collective mind of management boards on the importance of clear corporate governance and controls over the safeguarding of personal information," suggests Sally Annereau, a data protection analyst, at law firm Taylor Wessing.

But if councils do not act, and act soon, citizens will become increasingly wary of handing over all but essential data to local government. If that happens, it will make it harder to roll out e-government services. And that will cost everyone more in the long run.

Stephen Pritchard is a contributing editor at IT PRO.

Advertisement

Recommended

Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular

Visit/security/cyber-security/355200/spacex-bans-the-use-of-zoom
cyber security

Elon Musk's SpaceX bans Zoom over security fears

2 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020