In recent years, the number of government data breaches and the increasing threats to public sector data have forced local authorities to focus a lot more on compliance than previously.
While many understand the necessity of laws such as the Data Protection Act, ensuring compliance in a growing regulatory environment is becoming more complex. Employees are more regularly being expected to follow time-consuming compliance protocols while carrying out the same day-to-day role that has always been expected of them.
According to a Ponemon report on data breaches, just one breach can cost an average of £3.6m. This significant cost demonstrates why the public sector is right to be concerned.
Local government especially will hold significant amounts of sensitive data, making the cost of a breach even greater. Investment in effective security regimes, combined with efforts to bridge the gap between IT and frontline staff, is essential. The key to this, in my view, is providing user-friendly technology combined with education throughout local government.
User-friendly technology
Expectations around information sharing have transformed dramatically in the past couple of years. Local government is under immense pressure to deliver a high level of service, often to more and more people with fewer resources.
When compliance procedures and technology at the employees' disposal are not user-friendly, the overbearing strain on time forces staff to choose the path of least resistance, which often means forgoing established security protocols for more convenient and familiar options, including unsecured personal email, mobile devices, and third-party file sharing sites like Dropbox.
IT cannot (and should not) prevent public sector professionals from providing an excellent service, but it is their responsibility to ensure the privacy of every member of the public whose data they hold. Most third-party tools present major risks, but can local authorities really blame employees for using them if they do not have a better means to move and access information?
It is the responsibility of IT departments and the leaders of organisations to equip staff with an effective means to move and access information securely. These tools must meet regulatory requirements, especially with regard to data protection, but most importantly, they need to meet the needs of the frontline staff that will be using them. If tools are easy to use, do not take up too much time and employees understand the necessity of sticking to them, procedures are much more likely to be followed.
Part of ensuring compliance is putting some level of responsibility in the hands of all employees. Throughout local government, staff must be made aware of what constitutes unsafe behaviour. With the majority of data breaches resulting from internal error, this is particularly critical. Courses in compliance and privacy are required in many parts of local government, but technology is constantly evolving and, as a result, regular communications about safe IT practices are becoming ever more important.
Critically, education about compliance and security should be paired with useful information about maximising productivity whilst remaining compliant. Collaboration between IT and employees using systems to make sure tools are most appropriate for their day-to-day circumstances will see strong results.
Unfortunately, we live in an age where threats do exist, and government data remains a top target for cybercriminals. Greater focus on compliance in order to reduce the impact of a breach will naturally bring about challenges to day-to-day productivity. However, compliance protocols must not be allowed to limit employees, especially in local government, where resources are more often restricted.
James Bindseil is Globalscape president and CEO.