Whitehall chiefs to be held accountable for data breaches

Senior Whitehall heads are to be held personally responsible if their department loses personal information, under new proposals.

Public sector officials, including chief executives of NHS trusts, are to be forced to take data protection "much more seriously" under proposals due to be laid out by Cabinet Secretary Gus O'Donnell.

According to the Times, O'Donnell is expected to publish the findings of a report on data security in the coming weeks. The report was commissioned by the Prime Minister in the wake of the loss of 25 million child benefit claimant records by HM Revenue and Customs (HMRC) in November.

Speaking at the Infosec conference in London, information commissioner Richard Thomas said O'Donnell's report contains new regulatory guidance and advice.

Thomas, who has seen a draft of the report, revealed that new legislation would allow the ICO to conduct unannounced checks on data controllers in Whitehall. "We will be conducting spot checks in Whitehall departments next year."

Thomas said the new measures focused on "issues of accountability and governance", signifying that the heads of departments would be personally responsible in the event of serious data breaches.

"It has to be the likes of chief executives (of NHS trusts) and permanent secretaries who are held accountable when things go wrong," Thomas told delegates at Infosec.

Chief executives will no longer be able to entrust information security to "techies".

The ICO added that prime minister Gordon Brown would announce similar measures for the rest of the public sector, and possibly private companies also.

The Information Commissioner's Office also revealed it had received reports of 94 further data breaches in the past six months since the HMRC incident. Around two-thirds of these were in the public sector.

Nearly a third of the breaches in the public sector, which ranged from "the minor to the very serious", Thomas said, were in central government, while a fifth affected the NHS. Of the breaches in the private sector, more than 50 per cent were in financial institutions.
