Government Officials in the UK are facing some backlash over their ability to protect citizen information following the breach of three independent judge-led inquiries in January. The breach has been tied to two missing discs, which were mailed but not received. The loss is being investigated, and individuals affected will be contacted, but the larger question at play is how the incident happened and what that says of the government's ability to protect critical information.
Dan Raywood of IT Security Guru recently solicited the opinion of Stephen Midgley, Vice President of Global Marketing here at Absolute Software, in an article on the fallout of this breach. Stephen notes how this breach could result in an even further erosion in public trust around the handling public data:
“Throughout the Government there has been a renewed interest in digital first strategies, which means more devices being used more regularly…"
"With cost cutting measures happening throughout the public sector it is important that technology is embraced to future proof services and keep costs down. However if the Government cannot even look after critical information on a disc then it needs to think about how it can manage data on a multitude of devices."
The ICO has levied more than £5 million worth of civil monetary penalties against the public sector, each one with its own negative fallout and erosion of trust. If the public sector is to regain trust, it will need to demonstrate its ability to protect public data. Stephen lays out a 3-pronged approach to protecting data, including a data security policy that is clear and accessible; data security training across the board that is relevant and understandable; and proper data protection software in place.
As this breach shows, the security of data needs to be taken seriously by all levels of the organization. Every employee needs to understand what their role in protecting data is so that data is not put at risk in this way - unprotected and in the mail, with no way to track or erase it. Just as importantly, technology needs to be put in place that will restrict and monitor how data is used and to monitor and secure devices which contain or access this data. Learn more about how Absolute can help here.