O'Donnell report sets out new data rules for government

Government departments must use independent security experts to test the resilience of their IT systems under a government framework designed to prevent a repeat of HMRC's high-profile data breach.

The framework, published today by Cabinet Secretary Sir Gus O'Donnell, follows the loss of child benefit records by HMRC in November last year.

O'Donnell admitted the government's data-loss problems were caused not only by staff mistakes but also by the lack of technical safeguards.

He said, "It should not have been possible to download the entire database onto removable, unencrypted discs".

From now on departments must have their systems tested by independent IT experts, to expose any security risks. Departments holding personal data on more than 100,000 individuals must hire IT experts to conduct penetration testing on their systems.

The framework requires civil servants who need access to sensitive data outside the office to dial in on a home system or through a remote secure channel, rather than transfer data on a mobile device. All devices must be encrypted and the use of discs will be phased out.

The government plans to minimise access rights to information and will keep logs of electronically held information.

O'Donnell said, "There are technical systems answers to these issues and where possible these are the ones we need to use".

Departments must also address the culture surrounding data handling in government, he said.

They will be required to carry out Privacy Impact Assessments on projects and systems to ensure privacy issues are factored in from the start.

Information risk management will be incorporated into the government's Gateway reviews that monitor the progress of the most important projects. And staff will be given annual training on the management of data.
