23 January 2014

Guarding against data breaches

Guarding against data breaches image

The latest wave of fines levied by the Information Commissioner’s Office (ICO) – such as North East Lincolnshire Council losing a memory stick containing sensitive information about children with special needs – has made many local authorities realise the implications of data protection.

Many councils are now taking steps to understand and establish responsible processes with secure, certified service providers who will ensure they stay out of the ICO’s line of fire.

In Q2 2013 alone, there were 335 data breach incidents according to the ICO, 29 of which were lost or stolen hardware; the top three biggest offenders were health, local government and education.

However, is increased scrutiny and an ever interested media enough to help drive through better policy making in public bodies?

The greater focus on data protection legislation and its enforcement are factors on which those responsible for data should be placing high importance. ADISA (Asset Disposal & Information Security Alliance) has developed a security standard for IT asset disposal companies, which ensures that the asset – and therefore the data – is managed and protected throughout the process until the data itself is sanitised.

It is also working with partners like Stone Group to bridge this huge awareness gap, recently launching a series of education programmes with the University of South Wales. Organisations should not make disposal decisions purely based on the financial returns offered for their redundant IT equipment. Choosing to dispose of IT via anything less than quality approved service providers is negligible and poses an unnecessary risk. Companies don’t buy the cheapest firewalls or antivirus solutions so why should they settle for the cheapest or no-cost disposal service? The data being protected is still the same.

Those organisations looking for IT disposal services should ensure their chosen provider can demonstrate compliance with recognised security standards such as ADISA ITAD and ISO27001, and that data wiping or destruction methods employed are suitable for the classification of data and media type. A visit to the provider’s facilities should also be considered to verify the process and security.

Data wiping – performed by software tested and approved to a national technical standard, such as CESG – will provide secure wiping of data. There are many products available online which do not offer the same assurance.

Ultimately, and legally, the responsibility rests with the organisation from whom the assets and data originated, and liability will remain with them if due diligence has not been applied when selecting their disposal provider.

The absence of an IT asset disposal policy by public sector organisations is no doubt the result of ongoing needs to reduce costs and has placed responsibility with unqualified individuals.

However, it is more necessary than ever that such oversight is eradicated and policies put in place to ensure security and data breaches are a thing of the past. n

Martin Ruston is group compliance manager at Stone Group, and Steve Mellings is founder of ADISA.

This feature first appeared in Local Government News magazine. Register for your free copy here.

The power of local systems to save lives image

The power of local systems to save lives

Councils and their partners could do even more to contain the spread of COVID-19 if properly funded to undertake a robust localised system of testing, tracking and tracing, argues Professor Donna Hall.
SIGN UP
For your free daily news bulletin
Highways jobs

Deputy Chief Executive & s.151 Officer

Wychavon District Council
package to £90k
This is an exceptional career development opportunity, and the perfect role for a talented public service leader with ambition. Worcestershire
Recuriter: Wychavon District Council

Senior Practitioner - Family Support & Protection

Essex County Council
Up to £237 per day + Umbrella
Managing a defined caseload, the social worker is responsible for working effectively with children, young people and families/carers to achieve positive change and improved outcomes. England, Essex, Basildon
Recuriter: Essex County Council

Qualified Social Worker - Family Support & Protection

Essex County Council
Up to £207 per day + Umbrella
Managing a defined caseload, the Social Worker is responsible for working effectively with children, young people & families/carers to achieve positive change and improved outcomes. England, Essex, Basildon
Recuriter: Essex County Council

Qualified Social Worker - Assessment & Intervention Team

Essex County Council
Up to £207 per day + Umbrella
Managing a defined caseload, the Social Worker is responsible for working effectively with children, young people & families/carers to achieve positive change and improved outcomes. England, Essex, Basildon
Recuriter: Essex County Council

Qualified Social Worker - Assessment & Intervention Team

Essex County Council
Up to £207 per day + Umbrella
Family Operations delivers direct provision of services relating to vulnerable children, young people and complex families. England, Essex, Harlow
Recuriter: Essex County Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue