Norfolk County Council CIO renegotiates terms on HPE contract and beefs up cyber security

Geoff Connell says council is now ‘better prepared’ to stop data breaches after ICO audit

Norfolk County Council is better equipped to deal with data breaches after it completed an audit from the Information Commissioner's Office, according to CIO Geoff Connell.

Connell, who took over as head of ICT and information management in August 2016, tells IT Pro that his two main objectives since joining the council have been to work with the ICO on the audit, and to work with one its biggest providers HPE to renegotiate terms on its contract for the troubled Digital Norfolk Ambition' project.

Advertisement - Article continues below

Cyber security

Norfolk Council does not have a good record when it comes to data breaches; it was fined 80,000 by watchdogs in 2012 after a social worker hand-delivered highly sensitive child welfare information to the wrong address. The council recorded 59 breaches between 2011 and 2014, with one of the most shocking incidents being when confidential files containing details of adults and children was left in a filing cabinet which was sold following an office move.

But after an audit completed by the ICO in January, Connell believes the council is much better prepared.

"We had to do quite a lot of work to improve our processes and we're well on track with that to make sure we have the right information sharing agreements in place," he says.

Advertisement
Advertisement - Article continues below

Connell emphasises that the audit is not a compulsory programme to catch the council out, but is instead an optional audit to help the organisation to improve its policies.

Advertisement - Article continues below

The council has now resolved its historical data loss cases and has implemented new policies, procedures and awareness training. It is the latter, which Connell believes is most crucial.

"Of course you need policies but if people don't know what they are or how to use them then it's no good," he states.

He will be testing staff by sending out phishing e-mails to see who clicks on malicious' links the idea is to understand what more can be done to train staff.

Cyber security is something Connell has also been focused on in his role as president of SOCITM. He wants to put together activities for local authorities within the new national cyber security centre.

"It's a really important focus area for local authorities it's not just about making sure we're in good shape, but that we can join up and work with central government agencies and other public sector organisations safely," he states.

Advertisement - Article continues below

Connell is passionate about data being shared across public sector organisations more easily. He says that it would enable social workers to know about medicines that people are on, and hospitals to know what social care arrangements have been made.

"Up until now, this has all been on an ad hoc basis. We need to make it more systematic and share data when it is appropriate to do so," he says.

But as public sector organisations are funded separately, and budget cuts continue to be made across the board, it makes it increasingly difficult for all parts of the public sector to continue to invest in technology that can help with data-sharing. By work together, the money could be spent more efficiently.

Advertisement
Advertisement - Article continues below

"For example, councils spend a lot of money on technology that helps elderly people to live more independently in their homes, such as IoT, but if local authorities are spending the money then health organisations save the money. Likewise if care homes aren't being adequately funded it is difficult for elderly people to be discharged from hospitals.

Advertisement - Article continues below

"So we need to have ways of working that enable joint investment," he says.

Renegotiating terms with HPE

Connell is in charge of Digital Norfolk Ambition' a 26m IT transformation project which one councillor referred to as a "looming catastrophe" in an interview with the Eastern Daily Press.

The project was signed back in December 2013 with HPE, Microsoft and Vodafone as the three key suppliers but it has been beset by issues such as an increase in costs, a build-up of delays and technical issues with laptops.

In order to solve some of these problems, Connell has held talks with HPE to reshape the agreement.

"We only have another year and half on the contract and we've agreed certain things we don't want to do with them anymore that we will take in-house, and other things which they're doing well which we will continue with but ultimately we need to be planning to exit from that contract," he states.

Advertisement - Article continues below

Despite the need to move away from the contract, Connell has been satisfied with how HPE have dealt with the contract review.

"Give them credit, they were flexible and they've recognised that times have changed and that not everything will pan out as you'd expect it to. It's important that vendors are able to alter the contract scope to ensure it is most cost-effective," he says.

Indeed, HPE is not one of the big vendors that Connell would say it hard to work with.

"There are some vendors that are notoriously difficult when it comes to licensing because they have complexity that you may call borderline fraud because they are simply inflexible," he states.

"Some view their products as cash cows so they're taking money and not reinvesting it, and some that don't keep up to date with patching, browsers and versions of different products we use so it's difficult for us to keep up to date," he adds.

Connell says that it is up to public sector organisations to  work together to help to shift this kind of behaviour from these big vendors, either by buying from other suppliers or lobbying through user groups.

Advertisement
Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

26 Mar 2020