So the long-awaited Poynter Review has finally made its judgement on possibly the biggest data loss incident ever faced by the government - the loss of 25 million child benefit records by Her Majesty's Revenue and Customs. The more world-weary and cynical of you will most probably be thinking "so what", and, to be honest, there was not that much in the report to really set hearts racing. Government-sponsored reviews of this kind rarely find out anything that we don't already know; although it was unusual and a little bit heartening to see the extent to which Poynter laid into the HMRC.
In the end, after several months and heaps of taxpayers' money, the review found that a lack of training, support and guidance by management in the HMRC, and an ignorance of good information security practices lead to a "muddle through" ethos in the department. No single individual was to blame then, more a culture of failing to recognise the value of data, or protecting it.
I wrote something along these lines a few months ago and it's nice to see such opinions reinforced by someone with slightly more resources and knowledge on the subject than I. What the review won't do though is be able to change this "ethos" overnight. The government had pretty decent data classification practices by all accounts, although crucially the human factor was its undoing. Some McAfee research conducted recently illuminates this problem yet further - 25 per cent of office staff said they thought it was their boss's responsibility to protect data, and 98 per cent said that they didn't think it was their own responsibility.
A combination of ignorance, poor training and institutionalised bad practice is a pretty daunting set of factors to address. The problem will be in fully educating public sector staff about the risks of data loss and the value of certain types of data. In the private sphere of course the commercial risks and brand damage that a large data loss incident can lead to are pretty much front of mind for large companies.
The government has said it has already implemented more than half of the recommendations made by Poynter, and is giving HMRC staff additional training, but lip service is not enough. Interestingly, Justice minister Michael Wills just admitted that there needs to be a "radical change" in the way the government handles data - an encouraging sign. The first step on the road to recovering public trust and towards exercising better judgement on data storage and transportation matters is admitting it has a problem. The next step will be in doing something about it.
Democratizing government data will help change how government operates—and give citizens the ability to participate in making government services more effective, accessible, and transparent.
ReplyDelete