Monday 24 November 2008

HMRC - one year on, are we any wiser?

It's around about 12 months since the HMRC scandal broke, and with it the floodgates for countless subsequent public sector data loss incidents. The Tories released some rather timely information at the end of last week concluding that these breaches have amounted to the equivalent of one PC lost every week since the HMRC incident, and that's not counting the 36 BlackBerries, 30 mobile phones and four memory sticks also lost.
Various reasons have been bandied about as to why there has been such a sudden deluge of stories about data loss in the last 12 months, and what is so wrong at the heart of government that it has led to this situation. Well, it's fair to say that this sort of thing has been going on for years; it's just that there is more transparency and awareness now. And the experts I've spoken to about this - security vendors, security consultants and legal bods - have offered a range of opinions as to why it might have happened, but most seem to believe things have been moving in the right direction since HMRC. The problem with government, though, is that it's a large, lumbering beast of an institution and any change will be slow.
Paula Barrett, a partner at law firm Eversheds, pointed out that new standards on data handling are being drawn up, but that more awareness-raising across departments is needed to ensure individuals know what they are. She also hinted that the Queen's speech in a few weeks' time could very well contain more measures aimed at forcing departments to improve their data security practices.
A more interesting comment came from Matthew Tyler of consultancy Evolution Security Systems, who told me that his company was recently involved in a government project, evaluating the feasibility of rolling out encryption technology for all USB sticks. This would seem a laudable step in the right direction, but as he added, most recent data breaches were due to individuals not following correct procedures, so surely the best approach is to design systems where sensitive data can't be taken out in the first place.
