Newspapers stated today “Councils have lost or misused private data thousands of times, says watchdog” which is an eye-catching headline.
The newspaper article explains that data has been lost or stolen thousands of times and the watchdog proposing “Big custodial sentences to be introduced for the most serious data breaches“.
Wanting to know more and what data has been stolen (especially considering our focus is on securing server systems) I skimmed-through the Watchdog’s report.
It’s an interesting read, because many of the “data breaches” are human error (sending two letters in one envelope, leaving something on a tube, sending an email to the wrong person) and or really bad luck (staff member is mugged/robbed with laptop or mobile phone in their bag). It is no wonder many of the staff are not disciplined.
Other than controlling the flow of e-mail (using something like Rights Management) and ensuring laptops and mobile devices are encrypted, it doesn’t appear that systems alone could prevent many of the data breaches.
The business model is interesting – Local Authorities employ thousands of people who in turn deal with thousands of people. With high public interaction, it would seem normal to have some margin of error. Errors that are very visible because it affects every one of us.
I wonder how much in terms of percentage these data issues are versus the positive number of interactiions/transacctions a Local Authority makes?
It is right to bring this information together, to show there’s an issue. But what is the solution? Reading the report further there are more recommendations than reported in the newspaper:
Personally I would like to see standards to be met with the encryption, e-mail protection and data safeguarding – operational elements of information technology that may help if an employee makes a mistake. Would a standard data security / encryption solution across all local authorities be a good idea?
There were other recent headlines regarding Local Authorities still running Windows XP and Windows Server 2003.
Maybe it’s time to upgrade and take advantage of security in newer software. But, that alone wouldn’t address most of the issues highlighted in the report.