December 15, 2008

Government repeats claims of ‘staggering improvement’ in data security

Didn't the public sector lose data on four million people this year?

By Leo King, Computerworld UK


The government has repeated its assertion that it has made a “staggering amount of progress” on data security, in a year when the records of millions of people were reportedly lost.

The "staggering progress" claim was made in November by Tom Watson, the junior minister responsible for data security, but was later questioned in parliament, with Conservative MP Francis Maude asking for evidence. Watson said in a written answer to MPs last week that the government had provided security training for thousands of public sector staff, and encrypted tens of thousands of laptops.

Data protection is a “top priority” for the government, Watson wrote. The key areas of improvement were the publishing of data breaches in annual departmental accounts, “increasing accountability with senior information risk owners”, widespread training, and better use of technology.

All public sector staff could access an online training scheme, Watson said. There is also departmental training, including training for a million NHS staff. A year after HM Revenue & Customs lost the data of 25 million individuals, 90,000 HMRC staff have been educated on data security.

Watson was also keen to stress that the government understood the need to have the right security technology backing up its policies and training, “to minimise the likelihood of data losses”. In the Ministry of Defence, for example, the data on 30,000 laptops has been encrypted, he said.

Encryption “is now the norm”, Watson said. The government also restricts access to removable devices and runs network penetration testing.

Eric Domage, security research manager at IDC, said the changes were a good sign: “At last, somebody in the government has understood that security depends on the users, and training has to be good.”

“Training is expensive, but it’s vital. It’s the last friendly option, and you have to take it. If you still lose data, then you have to do a forensic investigation and punish those responsible. No one wants another HMRC.”

Graham Cluley, senior technology consultant at IT security firm Sophos, agreed the changes were “better late than never”.

But instead of encryption being the norm, “any sensitive data needs to be encrypted”, he said, adding that the passwords “need to be strong”.

The government also needs to monitor where its data is, and control access to it using data loss prevention software, both Domage and Cluley said. This would prevent certain files from being put onto removable devices, or make sure they are encrypted automatically first.

“Ultimately most people think about convenience and take short cuts,” said Cluley, “so you have to have the technology in place to back up the rules.”

Comments received

Bill said on Monday, 15 December 2008

Considering the amount of outsourcing the UK government does, shame it doesn't mandate a supplier policy that ensures EDS, Serco, CSC, BT and the rest also follow the same procedures.
