UK Government Told to Tighten Data Security
Over recent months various UK government departments have faced some embarrassing breaches of both protocol and security that have resulted in private data being lost, misplaced or stolen.
These oversights have not only called into question the manner in which data is handled, but also the amount of data that governmental bodies collect on UK citizens, and whether the UK is becoming a "surveillance society".
A group of MPs have conducted an enquiry into the UK government's data policies and submitted a report on their findings that has been welcomed by Information Commissioner, Richard Thomas.
In an article for Information World Review, Tracey Caldwell writes that the UK government needs to do more to protect data, as well as protect against the trend of "function creep", which entails using information for purposes other than for which it was originally intended.
While governments all over the world are bustling to collect more information on their citizens in the belief that this will help them control, detect and prevent terrorist activity and crime and maintain tight security, the enquiry and subsequent report indicates that there is a need for data minimisation.
There is such a thing as too much surveillance, and Thomas says that those who collect data need to ensure that they understand the importance of data protection frameworks, and that they should be certain that the information they collect is in fact necessary and justified.
Thomas may think that the MP's report is a beacon in the murky world of data collection and use, but not everyone shares his opinion.
Ovum analyst, Graham Titterington, says that it merely restates principles and laws that are already in place and doesn't shed light on anything new.
According to Titterington, one of the biggest problems facing data protection is getting the government (all governments) to practice what they preach.
In other words, for governments to realise that their privacy and protection policies apply as much to them as they do to private enterprises.
A possible solution to mass data collection could be the use of privacy impact assessments as suggested by the MP's report.
Privacy impact assessments would be used to determine the possible implications of data collection for individuals and would also look at what security measures would be most appropriate for the protection of the data required.
According to data privacy expert, Vin Bange, privacy assessment impacts can be difficult to set up, as to determine exactly standards of privacy should be adhered to.
But, Bange says that with guidance from the Information Commissioner's Office code of practice, many private organisations use privacy impact assessments with great success.
He sees no reason why that success can't be replicated by government.
Thomas freely admits that the more personal details that are collected, the greater the risk for mistakes.
And Titterington says that one of the fundamental principles of data collection is that only a minimum amount of data is kept and only for specific purposes.
All of which lends itself to the credo that, especially as far as data privacy and protection goes, less is definitely more.
Recommended sites: http://www.
iwr.
co.
uk/information-world-review/news/2221514/government-told-curb-public-4097598 http://www.
computing.
co.
uk/itweek/news/2221714/watchdog-serves-notice
These oversights have not only called into question the manner in which data is handled, but also the amount of data that governmental bodies collect on UK citizens, and whether the UK is becoming a "surveillance society".
A group of MPs have conducted an enquiry into the UK government's data policies and submitted a report on their findings that has been welcomed by Information Commissioner, Richard Thomas.
In an article for Information World Review, Tracey Caldwell writes that the UK government needs to do more to protect data, as well as protect against the trend of "function creep", which entails using information for purposes other than for which it was originally intended.
While governments all over the world are bustling to collect more information on their citizens in the belief that this will help them control, detect and prevent terrorist activity and crime and maintain tight security, the enquiry and subsequent report indicates that there is a need for data minimisation.
There is such a thing as too much surveillance, and Thomas says that those who collect data need to ensure that they understand the importance of data protection frameworks, and that they should be certain that the information they collect is in fact necessary and justified.
Thomas may think that the MP's report is a beacon in the murky world of data collection and use, but not everyone shares his opinion.
Ovum analyst, Graham Titterington, says that it merely restates principles and laws that are already in place and doesn't shed light on anything new.
According to Titterington, one of the biggest problems facing data protection is getting the government (all governments) to practice what they preach.
In other words, for governments to realise that their privacy and protection policies apply as much to them as they do to private enterprises.
A possible solution to mass data collection could be the use of privacy impact assessments as suggested by the MP's report.
Privacy impact assessments would be used to determine the possible implications of data collection for individuals and would also look at what security measures would be most appropriate for the protection of the data required.
According to data privacy expert, Vin Bange, privacy assessment impacts can be difficult to set up, as to determine exactly standards of privacy should be adhered to.
But, Bange says that with guidance from the Information Commissioner's Office code of practice, many private organisations use privacy impact assessments with great success.
He sees no reason why that success can't be replicated by government.
Thomas freely admits that the more personal details that are collected, the greater the risk for mistakes.
And Titterington says that one of the fundamental principles of data collection is that only a minimum amount of data is kept and only for specific purposes.
All of which lends itself to the credo that, especially as far as data privacy and protection goes, less is definitely more.
Recommended sites: http://www.
iwr.
co.
uk/information-world-review/news/2221514/government-told-curb-public-4097598 http://www.
computing.
co.
uk/itweek/news/2221714/watchdog-serves-notice
Source...