Plugging public sector data leaks

Inside the Enterprise: government bodies seem unable to take information security seriously. Unless they do, the public will remain wary of using government services online.

data leaks

COMMENT: News that a full 132 local authorities have lost citizens' data over the last three years will surprise few security experts, and few CIOs.

Central and local government in the UK has progressively tightened policies around data security, improved access controls, and invested in data loss prevention technologies. Since the loss of the records of 25 million people by HMRC in 2007, controls over how data is stored and shared have become more rigorous. But as the latest research, compiled by Big Brother Watch, shows there is still a long way to go.

It is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes.

Nearly a third of councils lost data, Big Brother Watch found, and only 55 out of 1,035 incidents were reported to the Information Commissioner's Office. The privacy group had to resort to Freedom of Information requests to obtain the information, which in itself says a lot about a lack of transparency around the issue, in some public sector circles.

And it is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes. Although it is by no means the case everywhere, a significant minority of public sector staff appear to have a less than responsible attitude to the personal data they hold.

Nor do managers seem to be enforcing existing data security rules withy much rigour; according to Big Brother Watch, just nine of the one-thousand-plus data breaches resulted in a member of staff losing their job. In some authorities, copying personal identifiable data onto insecure or personal devices, including laptops and USB drives, seems to be tolerated at the very least.

Tim Patrick-Smith, CTO of IT services provider Getronics, describes a scenario where CIOs are "playing catch up" with staff who increasingly use consumer devices at work, and who need to balance flexibility with security policies. But he also suggests that a change in approach to data security with the data, rather than devices, being secured -- may be the only practical way to solve the problem.

Another answer could lie in a new EU data protection framework, expected as early as January 2012, which may force organisations to report data breaches. This would follow a similar model already operating in California.

"A statutory duty to report a data security breach should help focus the collective mind of management boards on the importance of clear corporate governance and controls over the safeguarding of personal information," suggests Sally Annereau, a data protection analyst, at law firm Taylor Wessing.

But if councils do not act, and act soon, citizens will become increasingly wary of handing over all but essential data to local government. If that happens, it will make it harder to roll out e-government services. And that will cost everyone more in the long run.

Stephen Pritchard is a contributing editor at IT PRO.

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

What is e-safety?
e safety

What is e-safety?

27 Jan 2021
Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
Mimecast links breach to SolarWinds hackers
Security

Mimecast links breach to SolarWinds hackers

27 Jan 2021
TikTok vulnerability exposed private user data
data protection

TikTok vulnerability exposed private user data

26 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
Hackers are actively exploiting three Apple iOS flaws
exploits

Hackers are actively exploiting three Apple iOS flaws

27 Jan 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

26 Jan 2021