Plugging public sector data leaks

Inside the Enterprise: government bodies seem unable to take information security seriously. Unless they do, the public will remain wary of using government services online.

data leaks

COMMENT: News that a full 132 local authorities have lost citizens' data over the last three years will surprise few security experts, and few CIOs.

Central and local government in the UK has progressively tightened policies around data security, improved access controls, and invested in data loss prevention technologies. Since the loss of the records of 25 million people by HMRC in 2007, controls over how data is stored and shared have become more rigorous. But as the latest research, compiled by Big Brother Watch, shows there is still a long way to go.

It is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes.

Nearly a third of councils lost data, Big Brother Watch found, and only 55 out of 1,035 incidents were reported to the Information Commissioner's Office. The privacy group had to resort to Freedom of Information requests to obtain the information, which in itself says a lot about a lack of transparency around the issue, in some public sector circles.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

And it is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes. Although it is by no means the case everywhere, a significant minority of public sector staff appear to have a less than responsible attitude to the personal data they hold.

Nor do managers seem to be enforcing existing data security rules withy much rigour; according to Big Brother Watch, just nine of the one-thousand-plus data breaches resulted in a member of staff losing their job. In some authorities, copying personal identifiable data onto insecure or personal devices, including laptops and USB drives, seems to be tolerated at the very least.

Tim Patrick-Smith, CTO of IT services provider Getronics, describes a scenario where CIOs are "playing catch up" with staff who increasingly use consumer devices at work, and who need to balance flexibility with security policies. But he also suggests that a change in approach to data security with the data, rather than devices, being secured -- may be the only practical way to solve the problem.

Another answer could lie in a new EU data protection framework, expected as early as January 2012, which may force organisations to report data breaches. This would follow a similar model already operating in California.

"A statutory duty to report a data security breach should help focus the collective mind of management boards on the importance of clear corporate governance and controls over the safeguarding of personal information," suggests Sally Annereau, a data protection analyst, at law firm Taylor Wessing.

But if councils do not act, and act soon, citizens will become increasingly wary of handing over all but essential data to local government. If that happens, it will make it harder to roll out e-government services. And that will cost everyone more in the long run.

Advertisement - Article continues below

Stephen Pritchard is a contributing editor at IT PRO.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/29068/is-your-company-taking-enough-accountability-on-cybersecurity
Security

Are you taking enough accountability on cyber security?

18 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/security/29204/how-can-you-protect-your-business-from-crypto-ransomware
Security

How can you protect your business from crypto-ransomware?

4 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020