Government urged to introduce data loss controls

New losses of data revealed

Losses of sensitive personal information by public sector bodies will persist unless the government introduces stronger controls security experts have argued.

Recent Freedom of Information requests have highlighted the frequency with which data is being lost: 13 London councils admitted to having lost or wrongly revealed public data in the last year.

The unrelenting loss of sensitive data is likely to weaken trust in public bodies, argued Gary Clark, vice president of security solution supplier for businesses and governments, SafeNet. “Taking serious, legislative steps is the only way to rebuild it,” he said.

At Kensington and Chelsea council there have been two instances of social workers loosing files in bars in the past year. The files contained court reports, statements of special educational needs and names of young people in care.

The fundamentals of good data policy are not difficult, argued Dennis Hoffman, vice president of data security at RSA: organisations need to know what data they have, where it is kept and who has access rights. A good first step is the introduction of data classification technology, which can help business leaders identify sensitive information. "That helps make IT smarter," he said.

Devin Redmond, senior director of product management at Websense said that IT professionals should focus on auditing their data and introducing policies to restrict what information can leave the organisation. "There is frequently a gap in the understanding of what sensitive data is and where sensitive resides. You then need to look at how it is used and what policies are in place governing that."

The Local Government Association (LGA) is apparently working on new data protection guidelines for councils, but details remain vague. “I think there is some kind of guidelines being pulled together,” said an LGA spokesman, who also said individual councils should form their own set of concrete guidelines. “It is not our job to tell councils what to do,” he added.

In addition, the LGA spokesman disagreed that councils had a relaxed attitude in their treatment of people’s data. “There are no systematic problems,” he said. “What we can’t legislate for are people who don’t follow the rules,” he added.

The LGA said London council staff are involved in regular data management meetings to discuss security issues, once every five to six weeks.