Skip to main content

UK local authorities are failing to protect sensitive data

New research claims that local authorities across the UK are failing to protect sensitive data effectively.

According to integrated managed data services provider Six Degress Group (6DG (opens in new tab)), there is a "significant gap" in data security protection within local councils, with 55 per cent reporting breaches of "OFFICIAL (opens in new tab)" data in the last two years.

The company sent a Freedom of Information (FOI) request to the country's 433 local government bodies and found that 60 per cent of those which responded did not know how much official data they hold or where such information is kept.

One authority even admitted to experiencing 213 data breaches in just a two year period.

"This insight reveals a huge gap in approach within local authorities across the UK, with a worrying majority lagging in their understanding of the actual position they are in regarding data security, let alone bringing protection up to standard," claimed group strategy and marketing director at 6DG Campbell Williams (opens in new tab).

Over the two year period that the firm investigated, 34 per cent of councils surveyed said they had not experienced a data breach, but it still believes the results indicate a lack of comprehensive knowledge od data protection and security risks.

The local authorities also revealed that local government bodies are unable to report on how much sensitive data they hold and 66 per cent are unsure of how to manage their official data under new CESG (opens in new tab) official security classification guidelines.

Furthermore, the councils also suggested that much confusion had occurred when the government scrapped its Impact Level security classification scheme in favour of OFFICAL, SECRET and TOP SECRET (opens in new tab).

While most were unable to explain where their official data is held, 2 per cent did say such information was held in the cloud, while 37 per cent said the majority of data was stored "on site."

Authorities Unaware Of Their Own Situation

"We see less than half of [local authorities] classify their data to an officially recognised standard and have regular audits in place to protect their data; this small percentage appears to be in a reasonable position as they aren't suffering data breaches," claimed Williams.

"The rest are struggling - breaches are commonplace - and what is equally as worrying is the serious lack of insight they have into their own situation. These authorities need to act very quickly or more sensitive public data will be lost to potentially criminal sources," he added.