Plugging public sector data leaks

Inside the Enterprise: government bodies seem unable to take information security seriously. Unless they do, the public will remain wary of using government services online.

data leaks

COMMENT: News that a full 132 local authorities have lost citizens' data over the last three years will surprise few security experts, and few CIOs.

Central and local government in the UK has progressively tightened policies around data security, improved access controls, and invested in data loss prevention technologies. Since the loss of the records of 25 million people by HMRC in 2007, controls over how data is stored and shared have become more rigorous. But as the latest research, compiled by Big Brother Watch, shows there is still a long way to go.

It is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes.

Nearly a third of councils lost data, Big Brother Watch found, and only 55 out of 1,035 incidents were reported to the Information Commissioner's Office. The privacy group had to resort to Freedom of Information requests to obtain the information, which in itself says a lot about a lack of transparency around the issue, in some public sector circles.

And it is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes. Although it is by no means the case everywhere, a significant minority of public sector staff appear to have a less than responsible attitude to the personal data they hold.

Nor do managers seem to be enforcing existing data security rules withy much rigour; according to Big Brother Watch, just nine of the one-thousand-plus data breaches resulted in a member of staff losing their job. In some authorities, copying personal identifiable data onto insecure or personal devices, including laptops and USB drives, seems to be tolerated at the very least.

Tim Patrick-Smith, CTO of IT services provider Getronics, describes a scenario where CIOs are "playing catch up" with staff who increasingly use consumer devices at work, and who need to balance flexibility with security policies. But he also suggests that a change in approach to data security with the data, rather than devices, being secured -- may be the only practical way to solve the problem.

Another answer could lie in a new EU data protection framework, expected as early as January 2012, which may force organisations to report data breaches. This would follow a similar model already operating in California.

"A statutory duty to report a data security breach should help focus the collective mind of management boards on the importance of clear corporate governance and controls over the safeguarding of personal information," suggests Sally Annereau, a data protection analyst, at law firm Taylor Wessing.

But if councils do not act, and act soon, citizens will become increasingly wary of handing over all but essential data to local government. If that happens, it will make it harder to roll out e-government services. And that will cost everyone more in the long run.

Stephen Pritchard is a contributing editor at IT PRO.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Roadmap 2021: What’s coming from 3CX
Advertisement Feature

Roadmap 2021: What’s coming from 3CX

30 Mar 2021