Too lazy to lie

Share

Why did I expect any better? Why am I so annoyed, I have written my first blog entry in months?

Today I returned to an old habit and had a look at what has been going on in parliament.

It has been an interesting week, with the U-turn on ID cards only the most significant public admission that grandiose IT-based projects need to be questioned anew.

With ministers daily promising to “win back public trust,” it should have been a good time if they could give a straight answer to a straight question.

Anne Main MP asked two perfectly simple, though important questions to Home Office minister Phil Woolas. The first ran thus:

What auditing his Department undertakes to ensure that IT security policies are being followed; and on how many occasions (a) IT security policies have been breached by employees and (b) a member of staff has been sanctioned for a breach of such policies in the last 12 months?

Given the government’s ability to loose spectacular amounts of data and the Tories baiting of the government on the issue, I naively expected some numbers from Woolas and a robust defence of the new measures in place.

Instead, we got this:

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

Depending upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.

Compliance arrangements comprise a system of self-assessment, accreditation, assurance reporting, audit and review.

Anne Main went on to ask what procedures were in place to ensure the policy was being followed; what was Home Office policy on encryption of data when it leaves departmental premises; and what sanctions are in place for failure to comply?

Straightforward questions, which all the public sector IT chiefs sitting at the government’s CIO Council meeting this week, will repeatedly ask themselves and those they charge with data security.

What was the answer from Phil Woolas?

Information is a key asset to Government and its correct handling is vital to the delivery of public services and to the integrity of HMG. The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.

The Home Office is compliant with the security policies contained in the Government Security Policy Framework including those for information security and assurance.

Depending upon the circumstances, a range of sanctions are available including disciplinary or administrative action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.

And that is it. We have a policy. We’ve threatened to jail the post room junior. Stop bothering us. Not even a link to where a public sector organisations (or a business) looking for a model security policy could get advice and help.

Having been told for a decade that e-government depends on efficient sharing of personal data around the public sector, this is the best a minister can do.

Woolas would have been better off saying, “we just don’t care”.

Find your next job with computerworld UK jobs