Author Gary Hibberd
Now it may not come as a surprise to some, but ‘sometimes’ our local Government (i.e Councils) make mistakes! Shocking I know, but in the recent report by online group ‘Big Brother Watch’ it appears when it comes to data breaches, they do it repeatedly on a daily basis.
Your ‘Five-a-day’ (almost)
The report (based on information made available under the Freedom of Information Act) highlights over 4,236 data breaches in the last three years… that’s around 4 per day.
• 401 instances of data loss or theft
• 628 instances of incorrect or inappropriate data being shared on emails, letters and faxes
• 5,293 letters being sent to the wrong address or containing personal information not intended for the recipient
• 197 mobile phones, computers, tablets and USBs were either lost or stolen
In over 650 cases the breaches involved data belonging to children. In one instance a social worker left sensitive papers relating to children on a train(!) The information contained details which included names, addresses and information related to third-parties in connection to sexual offences (including Police reports).
Emma Carr of ‘Big Brother Watch’ said this showed “shockingly lax attitudes to protecting confidential information” and I couldn’t agree more.
A spokesman for the Local Government Association said: “Councils take data protection extremely seriously and staff are given ongoing training in handling confidential data. This comes in the same week that Carphone Warehouse stated it takes Information Security “extremely seriously” after it was hacked and over 2.4 million records were lost to hackers.
Expecting the expected
Carphone Warehouse’s share price has dropped this week following their breach and no doubt some customers will not go back to them. However, we have no choice but to trust our Government (local and national) so it’s worrying that there seems to be an endemic lack of security in place. Whilst it could be argued that with the sheer volume of data held by the Government we should EXPECT some issues I would suggest that it is because of the sheer volume (and sensitivity) of data held that more MUST be done.
We all have standards
The Government have stated that organisations should adopt Cyber Essentials to help them improve their cyber security capabilities, but also state that companies should look to ISO 27001 (the international standard for Information Security) if they wish to work with the Government.
So my question is, what are the councils doing to assess (and improve) their own security? This doesn’t just mean ‘cyber’ because all the FireWalls and Anti-virus software tools won’t stop someone leaving a pile of documents on a train.
There’s no doubt we can ALL do better when it comes to Information Security but when local Government fails so badly, so often what message is it sending to the private sector?
‘Big Brother Watch’ is calling for a number of policy changes which include custodial sentences for the most serious of security breaches and mandatory training for members of staff with access to personal information. Whether you agree or not, there is definitely room for improvement and I can only hope that lessons will be learnt.
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients systems are secure and provide peace of mind through a range of proven specialist information security solutions.
If you want to contact Gary please call him on 08454 133 666