31 March 2016

A rethink on data protection is needed to keep council channel shift plans on track

A rethink on data protection is needed to keep council channel shift plans on track image

With security incidents in local government becoming more frequent, Chris Brine-Howe, chief information security officer at arvato UK & Ireland, explains that authorities need to put the right data protection processes in place to keep online services secure and avoid substantial fines from forthcoming regulations.

Channel shift is well underway in many councils to help mitigate their current challenges and meet the growing demand for round the clock services that citizens have become accustomed to using. Together with addressing growing budget pressures, providing more services online is enabling authorities to free-up resources to handle the sharp rise in complex enquiries resulting from recent welfare reforms.

But while this strategy has clear benefits, delivering more digital services will mean having to hold more citizen information online, increasing the risk of identity theft or a data breach and the subsequent potential impact. To keep these plans on track, the issue for authorities is ensuring they can effectively safeguard the personal and financial data they hold on each citizen.

This presents a significant challenge for councils. According to the Information Commissioners Office (ICO), the number of data breaches in the local government sector increased nine per cent year-on-year in the financial year 2014-2015. Such issues are also on the rise across the private sector following a recent surge in high-level corporate incidents.

In line with the increased threat, the pace of regulatory change required to keep information safe is accelerating, putting authorities at risk of significant fines. The forthcoming EU General Data Protection Regulation, due to come into force in mid-2018, carries the risk of charges of up to £20 million Euros, or four per cent of revenue depending on which is greater, should a data breach occur without the mandatory organisation and technical controls being in place. Other yet to be specified breaches will also carry penalties of up to £10 million Euros, or two per cent of revenue.

Even if the UK decides to leave the EU in June, councils will still need to ensure the correct data processes are in place under the existing legislation. The obligations for how organisations handle payment card data, mapped out by the government’s Data Protection Act and in the Payment Card Industry Data Security Standard (PCI DSS) are modified frequently, with each iteration pushing the security bar higher. This is making it tough for authorities to keep pace.

While having the up to date architecture in place to safeguard against cyber security threats is key to keeping online services secure, there is often confusion around what type of citizen data – this can include credit card details, post codes, names and addresses - needs which level of protection. In reaction to the increasing amount of online data, it is essential that staff are appropriately educated to identify all levels and types of data, particularly sensitive personal information, so that it is correctly managed.

A critical part of this is establishing a culture focused on data security. A common issue for councils is actually understanding the importance of protecting personal and financial data, particularly among employees. Security needs to be moved into the heart of a council’s day-to-day activities and aligned to the business objectives, with all staff appropriately trained to use the processes in place and to thoroughly understand which data needs to be kept secure. Describing risks in context using plain English and avoiding technical terminology will help avoid any misinterpretation, which can potentially lead to errors and threats not being flagged.

To fulfil the potential channel shift has to offer, councils must not only ensure they have the right security culture, security controls, risk processes and technology embedded across the authority, but that they collaborate with other organisations. Whether that’s learning from, or sharing services with other councils who have the correct risk management practices in place, or joining up with a private sector partner with the relevant expertise, authorities need to move quickly to get their processes in order.

Chris Brine-Howe is the chief information security officer at arvato UK & Ireland.

For your free daily news bulletin
Highways jobs

Deputy Chief Executive

Harris Burns Ltd
Lichfield is a vibrant and historic district located at the heart of Staffordshire.  We are transforming the way we deliver our services with a str... Lichfield, Staffordshire
Recuriter: Harris Burns Ltd

Highways Traffic Development Engineer

Milton Keynes Council
£34,788 - £38,813
Milton Keynes is a place of opportunity. Milton Keynes
Recuriter: Milton Keynes Council

Social Worker - South Essex Family Centre

Essex County Council
£30906.0 - £42254.0 per annum + Plus Excellent Benefits Package
What you'll need to join our Social Work teams To play a key part in transforming the lives of children and families, you will have a Diploma or Degree in Social Work, CQSW, CSS or equivalent and Registration with Social Work England as Registered Soc England, Essex, Basildon
Recuriter: Essex County Council

Assistant Contracts Engineer

Milton Keynes Council
£34,788 - £38,813
We are looking for an Assistants Contracts Engineer to be a key senior member of our Contracts Team managing... Milton Keynes, Buckinghamshire
Recuriter: Milton Keynes Council

Team Leader - Streetworks

Milton Keynes Council
£39,782 - £43,662
We are looking for a Team Leader to lead our Streetworks Team. Milton Keynes, Buckinghamshire
Recuriter: Milton Keynes Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue