Plugging public sector data leaks

Inside the Enterprise: government bodies seem unable to take information security seriously. Unless they do, the public will remain wary of using government services online.

data leaks

COMMENT: News that a full 132 local authorities have lost citizens' data over the last three years will surprise few security experts, and few CIOs.

Central and local government in the UK has progressively tightened policies around data security, improved access controls, and invested in data loss prevention technologies. Since the loss of the records of 25 million people by HMRC in 2007, controls over how data is stored and shared have become more rigorous. But as the latest research, compiled by Big Brother Watch, shows there is still a long way to go.

Advertisement - Article continues below

It is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes.

Nearly a third of councils lost data, Big Brother Watch found, and only 55 out of 1,035 incidents were reported to the Information Commissioner's Office. The privacy group had to resort to Freedom of Information requests to obtain the information, which in itself says a lot about a lack of transparency around the issue, in some public sector circles.

And it is increasingly hard to avoid the conclusion that the issue is less one of technology, than of attitudes. Although it is by no means the case everywhere, a significant minority of public sector staff appear to have a less than responsible attitude to the personal data they hold.

Advertisement
Advertisement - Article continues below

Nor do managers seem to be enforcing existing data security rules withy much rigour; according to Big Brother Watch, just nine of the one-thousand-plus data breaches resulted in a member of staff losing their job. In some authorities, copying personal identifiable data onto insecure or personal devices, including laptops and USB drives, seems to be tolerated at the very least.

Advertisement - Article continues below

Tim Patrick-Smith, CTO of IT services provider Getronics, describes a scenario where CIOs are "playing catch up" with staff who increasingly use consumer devices at work, and who need to balance flexibility with security policies. But he also suggests that a change in approach to data security with the data, rather than devices, being secured -- may be the only practical way to solve the problem.

Another answer could lie in a new EU data protection framework, expected as early as January 2012, which may force organisations to report data breaches. This would follow a similar model already operating in California.

"A statutory duty to report a data security breach should help focus the collective mind of management boards on the importance of clear corporate governance and controls over the safeguarding of personal information," suggests Sally Annereau, a data protection analyst, at law firm Taylor Wessing.

But if councils do not act, and act soon, citizens will become increasingly wary of handing over all but essential data to local government. If that happens, it will make it harder to roll out e-government services. And that will cost everyone more in the long run.

Stephen Pritchard is a contributing editor at IT PRO.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020