Comment: Public sector organisations admit to poor attitudes towards treatment of confidential data

62% of public sector IT decision-makers are unaware of the possible introduction of data breach notification legislation, according to research by Clearswift.

The security firm has found that public sector organisations are not dedicating enough time and resource to Information Assurance (IA), putting them perilously at risk of suffering from data breaches.

According to the first piece of research (“IA and Organisational Responsibilities in the Public Sector, 2008”), conducted by Clearswift and IA08, the government’s Information Assurance Event, 53 per cent of respondents, all of whom either work within or for a public sector department, felt that their organisation didn’t spend enough time on IA issues.

At the same time, a separate Clearswift research report (“Worldwide Data Loss Prevention Trends, 2008”) found that almost one in five (19 per cent) of UK IT decision-makers in the public sector admitted to having experienced at least one incident of data loss in the last 12-18 months.

Further findings from the data loss report revealed over half (62 per cent) of IT decision-makers in the public sector are unaware of the proposed introduction of data breach notification legislation - demonstrating a surprising lack of awareness of the issue given the recent media attention surrounding the proposed legislation.

In addition, an overwhelming majority (85 per cent) don’t believe the general public should be informed if a data breach occurs.

Clearswift’s IA 2008 Research also suggests that 40 per cent of senior management have little or no understanding of IA, and that 32 per cent of board members have discussed IA fewer than four times at board meetings in the past year.

Forty-nine per cent of public sector employees polled felt that their organisation’s IA procedures could be significantly improved, whilst 86 per cent also felt that IA procedures could be improved significantly across the UK government as a whole.

When asked about the possible impact of data breach notification legislation, almost half (46 per cent) of UK public sector respondents envisage their annual IT spend increasing by at least five per cent, and 24 per cent of public sector IT managers expect that increase to be at least ten per cent.

In comparison, nearly one in four (24 per cent) US public sector respondents who currently adhere to data breach notification legislation said they had seen no change in their IT spend since its introduction. This compares to only 15 per cent of private sector IT managers.