Saturday 22 December 2007

GOVERNMENT'S DATA SECURITY WOES

Notwithstanding my previous post, this is by way of a small spot of house-keeping. I can't really let the latest batch of the Government's data security breaches (as per here, here and here) pass without some sort of comment.

Happily others have made appropriate noises about them already - notably Dizzy (who else?) (here and here) who makes the eminently sensible and intelligent suggestion of "a proper technology ministry responsible for all IT and security". Personally I reckon it needs to go a little further than this. There should be a Cabinet-rank Minister, ideally with some level of technological expertise/knowledge (chance would be a fine thing from our current bunch of politicos!!!), with full responsibility and accountability for IT across the whole of Government not just cross-departmentally. The problem here isn't just about data security but about the whole bundle of IT issues (procurement, project development, infrastructure, &c, &c) which suffer from the dread disease of departmental turf wars and unjoined-up Government. As Dizzy rightly says: "As long as we have a disconnected system of IT development and systems in Government then there will always be someone else to blame".

The other part of the problem is that Government's 'wants and needs' from our data, notwithstanding data protection legislation, are (generally) antipathetic to our own. Worse, there is a cultural malaise within policy development in this area that assumes too readily that our interests should be subsumed to an airy-fairy perception of the 'greater good'. In other words, our 'wants and needs' for our data play second fiddle to those of Government. The vexed issue of who 'owns' data is inextricably wrapped up in this and gives rise to an extremely persuasive argument that this matter - the rights to privacy of and for data - should be addressed legislatively as a matter of urgency. Quite rightly Dizzy also maintains: "Under no circumstances should any personal data be sent out of the country by Government". Again I favour going further than this. We should revert to a principle that has been floating around for some time, trusted third party "info-mediaries". Responsibility for all data administration and management should be stripped away from the government machine and passed to a sensibly funded, independent (of both the public and commercial sectors) organisation (or organisations) (perhaps akin to the ICO) which would be statutorily charged with all data management, ideally on a federated basis, on behalf of the citizen and the government (in that order).

And finally I slightly disagree with Dizzy when he says: "The Government's proposal for jail time for anyone breaching data security is a misdirected solution". He is of course correct in saying that this is "putting a Band-Aid over a gaping gash". Nevertheless, it seems to me that the complete absence of any effective sanction for "reckless" data security breaches is a major contributory factor to the cavalier/indifferent culture that exists on data security within Government. It therefore follows that some form of deterrent could have the beneficial effect of focussing minds on being rather more assiduous about data security. I can't help thinking that this is a necessary part of the solution.

I have one final point to make. Evidently, the Great Bottler is hoping that the scandals surrounding data security breaches will disappear over the coming weeks - which attitude, incidentally, is itself a manifestation of the cultural malaise of which I speak. If I was in his big tent, I wouldn't have all that much confidence in this expectation. What we know is that the Information Commissioner has made it plain that there is a whole bunch of government-held data that has gone 'walkabout' - although none as serious as the HMRC scandal (given the scale of that disaster, we shouldn't be surprised by that). Thus far we've only really been told about the DSA breach. So it is reasonable to suppose that news of others will continue to dribble out for quite some time. Quite apart from that, the whole matter will be revisited by the media and Parliament relatively early in the New Year when the various Reports are published. The issue just isn't going to go away. Additionally, all it would take for the whole issue to flare up again in spades - and for the skids to be put almost terminally under the Great Bottler's administration - would be a single instance of fraud or identity theft perpetrated as a result of a loss/breach of government-held data. And that, dear friend, continues to be a seriously viable possibility!!!

(Sorry about that.) But still have a happy Christmas.
