GSA UK - Calling time on lax data security

DOING BUSINESS BETTER. TOGETHER

Home
NEWS & INSIGHTS
Industry News
Calling time on lax data security

Calling time on lax data security

1 Oct 2008 12:00 AM | Anonymous

Be horrified.

In what can only be read as an appalling indictment of the public sector mindset, an overwhelming majority of respondents to new survey don’t believe the general public should be informed if a data security breach occurs. Also there is a general unawareness of data breach legislation. So if they lose your child benefit data or your tax information or your sexual health history, it's in everyone's interest that you don't find about it. Apparently.

Well, no – it's in the interests of the civil servants and the politcians – hello Jacqui Smith - that we don't find out. Not knowing anything about data security breaches would mean we're not going to ask too many difficult questions.

But according to a new survey by ClearSwift and Information Assurance, the small matter of personal data integrity is not at the top of the political agenda, despite the public having high expectations. Approximately 40% of senior management in the public sector have little or no understanding of information assurance (IA). And yet 49% of public sector employees polled felt that IA procedures could be improved within their organisation.

That's encouraging, given that around 19% of British public sector organisations suffered a data loss in the last 12-18 months. Over half of this figure had experienced a repeat data loss. The main data loss causes were: loss of removable storage devices, 67%; loss of hard copies,44% and loss through email, 11%. That's another way of saying "we have no idea how to maintain data security in the digital age".

But we have to ask again: what was the point of the Home Secretary slapping PA Consulting's wrists (or being seen to over a relatively small contract) when it seems the civil service has very little interest in good data security practice anyway.

Mind you, the UK consumer is hardly helping him or herself. Research from the Information Commissioner's Office found that 40% of people would hand over their sensitive information to a company without knowing if that company was trustworthy. The Commissioner called on UK citizens to start using their legal rights to manage their personal information - because organisations aren't doing such a great job.

But perhaps In the age of Facebook we have all forgotten what privacy and security means.

That said, ninety-five percent of a study group of 2,000 UK adults considered personal data to be ‘quite’ or ‘very’ valuable – and more than 70% claimed to routinely shred personal documents. But 44% had never considered contacting an organisation to find out what information it holds about them. “The more people that use their rights [under the DPA] to check what information is held about them, the stronger the signal to organisations that the mismanagement of people‘s personal details will not be tolerated,” said David Smith, ICO deputy commissioner.

The ICO has launched a new online tool to help consumers protect and manage their personal information. The 'healthcheck' is of a list of questions about the storage and management of personal information - like PIN numbers and passports - that is used to score the level of risk a person takes with their data. Smith said: “Our Personal Information Healthcheck is suitable for everyone, whether they’ve never before thought about protecting their personal information or could just benefit from a few extra tips and ideas.”

We can only hope that Jacquie Smith and Co can find time at this 'end of empire' period to take this on board and back the Information Commissioner in his bid to prop up our basic data protection rights....