Industry reaction: Local authorities shamed over data breach fiasco

Following the report from Big Brother Watch that revealed local authorities suffered over 4,000 data breaches in three years, various industry professionals have offered their thoughts and analysis.

Phil Barnett, EMEA VP and GM of Good Technology:

“What these figures show is a shockingly naïve approach to public data protection by the UK’s local authorities. They only go to highlight why the public is becoming less confident in government data protection every day.

"With the use of data and technology becoming more complex, people need to know that someone is taking care of their information. With the public’s trust diminishing, government bodies need to take matters into their own hands.

"The best approach for minimising security threats is a combination of stringent security policies, the correct tools and education. Education is vital, as it equips the workforce with the knowledge they need to make informed decisions and evaluate potentially risky situations.”

Luke Brown, Vice President & GM, EMEA, India & Latam at Digital Guardian:

“The most worrying aspect of these new report findings is the extent and variety of human errors occurring across the local authorities involved. Human error is something that many organisations easily overlook when working with sensitive data, usually to their detriment.

"In fact, recent research by the Online Trust Alliance found that almost one-third (29 per cent) of data losses are caused by staff – whether done maliciously or accidentally, so looking within your organisation for potential threats to data security is imperative. This will become even more important once the proposed EU Data Protection Regulation comes into force.

"There are numerous technologies out there designed to combat human errors and more malicious insider threats. Small investments can go a long way, so it’s mystifying that local authorities aren’t taking more advantage of the solutions available. When technology that protects data at source is deployed, it removes many of the risk factors associated with human error and insider threats.

"Sensitive data can be protected from unauthorised copying, deleting or viewing, meaning it is protected even if it is misplaced. Furthermore, staff quickly become aware of the impact of their actions, leading to rapid behavioural changes. Within just a month or two of deploying data-centric security solutions, organisations typically see a dramatic drop in staff-related data breaches as a result.”

David Juitt, chief security architect, Ipswitch:

“Over and over we are seeing that public sector organisations are falling foul of data loss as opposed to data theft. Whilst headlines often focus on sophisticated hacks, today’s news demonstrates that the majority of public sector breaches are far more simplistic. Sending an email to the wrong recipient or leaving a laptop, tablet or USB in a public place may seem like an easy mistake, attributable to a flaw in human nature. However, when it is your personal data that has been lost or shared, it feels a lot more like negligence. That’s why there are strict data protection regulations and fines for this type of breach. Local authorities are losing the public's trust as well as its data.

"What’s also surprising is that organisations don’t seem to be disciplining staff for these breaches. Could this be an acknowledgement that many don’t have the systems, technology, training and policies in place to support staff in keeping data secure?

"How personal data is shared within Local Authorities and with external agencies is absolutely key in securing the data in transit. There are technology solutions and data protection guidelines which account for potential flaws in human nature when it comes to keeping data safe. By automating, managing and controlling all data file transfers from a central point of control, Local Authorities are able to easily send and share files using IT-approved methods.

"The IT department also retains complete control over activity. It’s no longer good enough to just have the right policies in place for secure data transfer; an organisation must ensure it has the right file transfer technologies, security systems, processes, and most importantly, staff training.”

Campbell Williams, Group Strategy and Marketing Director at Six Degrees Group (6DG):

“Councils need to take data protection more seriously. We recently conducted a Freedom of Information Act request amongst the 440 UK councils which revealed a significant gap in data security protection amongst Local Authorities (LAs) in the UK, with 55 per cent reporting breaches of ‘official’ data in the last two years.

"More worryingly, it also showed a staggering 60 per cent of LAs don’t know how much sensitive ‘official’ data they hold, or where it is kept, with one authority suffering 213 data breaches in just two years.

“This insight reveals a huge gap in approach within LAs across the UK, with a worrying majority lacking in their understanding of the actual position they are in regarding data security, let alone bringing protection up to standard. Breaches are commonplace - and what is equally as worrying is the serious lack of insight they have into their own situation.

"These Authorities need to act very quickly or more sensitive public data will be lost to potentially criminal sources.”