7 August 2007
UK state data-sharing lacks adequate security
An independent review of UK government infosecurity (PDF)
has concluded that “adequate mechanisms are not yet in place”
to support secure sharing of data between departments, despite such
sharing of personal information playing a central role in the government’s
IT plans.
A summary of the review, carried out by Nick Coleman, said that
“most departments are investing significant amounts of money
and effort in information security,” but were doing so within
departments, rather than between them. Although departments are
now trying to address protection for what the UK calls “joined-up
government,” the lack of mechanisms “puts at risk the
government’s aspirations for service delivered by technology”.
The review was commissioned by the Cabinet Office’s Central
Sponsor for Information Assurance. Coleman, its author, has held
senior security jobs at IBM and has recently acted as chief executive
of the newly-formed Institute of Infosecurity Professionals.
He made a number of recommendations, including a central facility
for sharing risk information, best practice and priorities across
government. Also recommended were mandatory policy rules, minimum
standards, professional certification of staff and independent monitoring
for departments, and privacy impact assessments to tackle identity
management challenges.
In July, the Cabinet
Office released its national information assurance strategy.
Meanwhile, on 7 August the UK’s information commissioner’s
office (ICO) released advice for the general public on how personal
data is shared by organisations (PDF).
The ICO stressed it is not opposed to all sharing of personal data,
but said that if it takes place without the individual’s consent,
this must be expected and reasonable, and done transparently. Sharing
of sensitive data, such as health records, will generally require
consent, and when this is asked for, individuals must have a genuine
ability to refuse.
The information commissioner Richard Thomas recently
said he was “horrified” by the number of organisations
confessing to recent data breaches.
* 9 August: in a statement, the ICO said it welcomed
Coleman's review. "We are pleased that organisations are being
encouraged to adopt a risk analysis-based approach to information
handling as highlighted in the review and in our own guidance on
information sharing," it said.
"Earlier this year, the information commissioner called for
the use of Privacy Impact Assessments to help organisations assess
the benefits and risks of new technology prior to its implementation.
We are pleased to note that this approach is echoed in the review.
We are also pleased by the emphasis the review places on the adoption
of best practice and the development of professionalism in the handling
of personal information."
Information commissioner 'horrified' at number of data breaches (12 July 2007)
Government launches information assurance strategy (3 July 2007)
ICO issues policy on data sharing (8 June 2007)