News

Government failed to check data was secure, politicians admit

Rebecca Thomson

Government failed to ensure departments protected sensitive personal data, politicians admit.

The government's biggest mistake in the run up to HMRC's loss of the personal details of 25 million people, was the failure to scrutinise data practices in government departments, politicians admitted this week.

Cabinet Secretary Gus O'Donnell, and Ed Miliband, Cabinet Office minister, said the Cabinet Office sent out reams of data-handling guidance to departments, but failed to ensure government departments were complying with it.

O'Donnell said, "If there is a mistake we made, it was relying too much on guidance and not enough on testing compliance.

"There was an issue that guidance is too complex, or in some cases it was not being followed at the front line. There was no way of testing if guidance was being followed."

Ed Miliband added, "It is not about issuing documents, it is about changing the culture."

They were answering questions from MPs on the Public Accounts Committee, which is holding an enquiry into data handling in government.

O'Donnell said his report, which gave recommendations on how government can better handle data, aims to address the problem.

Its recommendations included measures to improve data handling by giving the Information Commissioner the power to make spot checks on departments' data policies.

Departments - including HMRC, whose loss of two discs with 25 million personal details focused attention on the issue of data security - must train all their staff in the importance of keeping data secure. "Staff should treat personal data in the same way they treat cash," O'Donnell said.

Miliband did not agree there should be criminal penalties for civil servants who knowingly allow data to be compromised. He said, "It does not strike me as a way to achieve the ends that we want. It is easy to say, let us throw some civil servants in jail, but I do not think it will achieve very much."

O'Donnell said much of HMRC's £155m investment in data security will be spent on measures improving IT, such as encrypting all mobile devices.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy