Monday 10 March 2008

Government data woes continue

As if it couldn’t get any worse, the government has suffered another data protection PR disaster. Hang on, I’m sure we’ve said that before. Anyway, a firm called Garlik has just announced new evidence that most major government departments are still failing to implement data protection policies. Garlik has been around for a year or so now and specialises in services which allow customers to see how much personal information about them is out there on the world wide web, and who has access to it. So you can see why they started this project.



After making 14 Freedom of Information requests, the firm found that HM Revenue and Customs, Ministry of Defence, and the Department of Health, among others, all came up short in certain areas. These include not having any data correction policies or funds to correct erroneous data, and possibly the most damning – “never having been subject to an independent audit in order to prove compliance with the Data Protection Act” (DPA).



Now the news might not surprise most people, which in itself is a pretty damning indictment of the government’s approach to data security, but it doesn’t actually prove any wilful transgression of the Data Protection Act. It is, though, yet another indication of the worryingly little heed government departments seem to pay to the value of personal information. The national ID register and NHS database projects look distinctly flaky when one considers the departments responsible have no policies around data correction.



When data errors occur, as Garlik rightly says they doubtless will, how can they be identified and corrected if there aren’t even any funds allocated to do this? Interestingly I was contacted a few weeks ago by a concerned citizen who'd made it his life's work – or at least a passionate hobby – to investigate the government’s record on data protection. He submitted the same FoI requests as Garlik and assimilated a significant amount of evidence amounting to the same findings. It’s all down to people and policies, training and institutional culture – no quick technology fixes here.



Garlik’s Ilube also told me people are generally more concerned about the fact that government might hold erroneous data on them than the fact that it might go missing, but I’m not so sure. The issue of data security has plagued the government in recent months and is surely more emotive than this new revelation. After all, having your name misspelled on your patient records is a slightly different proposition to having your personal details nicked from a government laptop.
