Martin Sugden 23 September 2014

Local authorities: facing up to data loss

Local authorities: facing up to data loss image

Local authorities have come under increased scrutiny following the recent publication of results from an audit of sixteen local authorities by the Information Commissioner’s Office (ICO), which found that collectively there was “clear room for improvement” in how they comply with the Data Protection Act.

With data loss never far from the news, protecting sensitive information is no longer the sole preserve of national security organisations – it has become a key concern for all levels of government organisation and indeed, private enterprise.

A data breach can greatly impact local government organisations – whether its direct harm caused to an individual or organisation as a result of disclosed information, in monetary terms due to ICO fines, loss of funding or negative publicity garnered by the news of a breach. As a result, it is no longer enough for local government organisations to treat data security as a ‘nice to have’, instead they must actively implement measures to protect both their staff and the information assets they hold.

Government Security Classification scheme

Central Government understands that it is vital to take measures to protect data and have rightly identified data classification as being increasingly important to help staff understand the value of the data they receive, handle and create. On the 2nd April 2014, the Cabinet Office launched the Government Security Classification (GSC) scheme, which aims to simplify classification of government data and make it easier and more cost-effective for material to be marked, handled and protected in a proportionate way.

However, in the lead-up to the changes, we were surprised to find only 20% of the government staff we spoke to had plans to transition to the new scheme and that there was a general consensus that clearer guidance is needed on how to implement, enforce and train staff to use the new classification system.

This guidance is still lacking months after the launch of the GSC and until the Cabinet Office addresses this, we will continue to see avoidable data breaches across government.

Making data security more people-centric

One of the ways in which organisations can protect their data and meet the requirements of GSC is through the use of data classification solutions, which empower staff to assign a value to data (whether it’s an email, document, image or CAD design file) they create and handle, so informed decisions can be made about how that information is managed, used and shared. The creator of the data is usually best-placed to make this value judgement, as they will be more aware of its context.

By putting the classification obligation in the hands of staff at all levels, you effectively draw them into an active role in data security, which provides a greater defence against the loss of sensitive information.

Technologies such as Data Classification and DLP can be combined as part of a layered security approach to help prevent government organisations from incurring the wrath of the ICO. Visual classifications can help to raise awareness of data security but only a data classification solution which translates these into metadata which can be used by other security technologies can be totally effective in enabling an organisation to control the sharing and release of information.

Education and best practice

Following the ICO’s audit of local authorities and the resulting recommendations, it is hoped the number of data breaches and subsequent fines is reduced. Certainly the recommendations and best practice examples supplied by the ICO should go some way to increase awareness of the need for all employees at all levels to protect data right through the cycle.

It is encouraging that the ICO is taking on more of an educational role, rather than being a solely punitive organisation slapping fines on local councils with little help to solve the underlying issues around data loss, yet we are still some way from a providing local government with enough support to make sure data leakage is plugged.

Martin Sugden is the MD of Boldon James

Time for a council tax precept to fund CCTV image

Time for a council tax precept to fund CCTV

The crisis in funding for CCTV systems is not being addressed by the government or the police and is leading to the curtailment of this vital service in local authorities across the country. How can we ensure that communities that want this service continue to receive it, asks Tom Reeve.
For your free daily news bulletin
Highways jobs

Service Director – Development & Regulation

West Berkshire Council
Up to £96,585 per annum
We are looking for a candidate with the passion for place making and a successful track record in leading and developing large multi-service teams.  Newbury, Berkshire
Recuriter: West Berkshire Council

Mayoralty & Business Manager

London Borough of Richmond upon Thames and London Borough of Wandsworth
£41,292 - £50,034
The Mayoralty & Business Manager will be responsible for maintaining the reputation of both Mayoralties and promoting a positive image of... London (Greater)
Recuriter: London Borough of Richmond upon Thames and London Borough of Wandsworth

Joint Assistant Director - Communities and Wellbeing

Babergh & Mid Suffolk
Babergh and Mid Suffolk District Councils are at the forefront of joint working and are a progressive award-winning partnership Ipswich, Suffolk
Recuriter: Babergh & Mid Suffolk

Financial Case Management Officer

Telford & Wrekin Council
£22,627 - £24,491 per annum
The Financial Case Management Officer will sit within the Adult Social Care, Service Improvement & Efficiency service and will be responsible for... Telford, Shropshire
Recuriter: Telford & Wrekin Council

Social Worker - Family Support and Protection

Essex County Council
£32065 - £43839 per annum + + Free On-Site Parking % Local Gov Pension
This position is open to Newly Qualified Social Workers (NQSWs) and Experienced Social Workers. The starting salary for a NQSW is £28,592 per annum a England, Essex, Basildon
Recuriter: Essex County Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue