Government departments have failed to put in place
basicdata protection policies, despite
recent major information breaches and the impending introduction
ofID cards.
A series of 14 Freedom of Information (FoI) requests supplied to
online identity specialist Garlik reveal that government
departments, including HM Revenue and Customs (HMRC), Department
for Work and Pensions (DWP), Department of Health, Ministry of
Defence (MoD) and the Independent Police Complaints Commission,
lack basic systems for proving compliance with the Data Protection
Act (DPA).
The responses received to date demonstrate worrying gaps in the
government's handling of Britons' personal information, said
Garlik.
Of the 14 government departments responding to FoI requests,
most admitted to all of the following:
- No written data correction policy or protocol in place
- No allocated funds for correcting erroneous data
- No statistical data regarding erroneous data correction
- Never having been subject to an independent audit in order to
prove compliance with the Data Protection Act
Tom Ilube, CEO at Garlik, said, "With HMRC and DWP data breaches
fresh in people's minds, these admissions reflect a surprising
disregard by government for the value of our personal
information.
"These gaps and the absence of independent audits point to the
root causes of the recent data breaches - a lack of robust
accountability."
Add to this that ID cards, a national identity register and huge
NHS databases are on the horizon, people's main concern should be
that data held about them by government is correct, and that
important decisions about them are not based on errors, said
Ilube.