Shared services will lead to increased data breaches, says security expert

Council will see NHS-style data breaches if they fail to retain adequate inhouse security expertise

The merging and outsourcing of local government services is likely to lead to an increased number of data breaches, according one security expert.

The recent news that Westminster, Kensington & Chelsea and Hammersmith & Fulham are to merge services is the latest in a series of merger announcements.

Graeme Stewart, business development director for Sophos, explained that these moves tend to see the management of information security put to one side: “It is not a process that promotes innovation or enables cost savings, rather it mitigates problems. But without it we will begin to see an increased number of data breaches.”

The merger of councils will inevitably lead to experts in information security losing their jobs, and those that are retained will be expected to manage security for an increased catchment area, he added.

Outsourcing will result in similar issues, he argued, with outsourcers taking on an IT and security function that would be better kept inhouse.

Currently local authorities are losing their talent in this area and will find that they have to buy in expertise when data management problems arise, and “this will inevitably be more costly than retaining the talent in the first place”.

“We will start to see problems such as those experienced with the NHS IT system, which has more data breaches than any other body because it is centrally managed," Stewart said. "Breaches are not a failure of IT, they are a failure of policy, they can’t be fixed by implementing a piece of software.”

Stewart concluded that the problem can be resolved by outsourcing the mundane day-to-day activities and retaining control of personal information and high-risk projects.