Gov't makes 'staggering progress' in data security

90,000 HMRC staff have been educated

The government claims it has made a "staggering amount of progress" on data security, despite hundreds of personal records going missing this year.

The claim was made by Tom Watson, the junior minister responsible for data security, in November, but was later questioned in parliament by Conservative MP Francis Maude, who asked for evidence. Watson said in a written answer to MPs last week that the government had provided security training for thousands of public sector staff, and encrypted tens of thousands of laptops.

However, there have been numerous security breaches in the past year including the loss of details of 5,000 prison staff. Earlier this year, the BBC calculated the government has lost the personal data of up to four million citizens.

Data protection is a "top priority" for the government, Watson wrote. The key areas of improvement were the publishing of data breaches in annual departmental accounts, "increasing accountability with senior information risk owners," widespread training, and "better use of technology".

All public sector staff could access an online training scheme, Watson said. There is also departmental training, including training for a million NHS staff. A year after HM Revenue & Customs lost the data of 25 million individuals, 90,000 HMRC staff have been educated on data security.

Watson was also keen to stress that the government understood the need to have the right security technology backing up its policies and training, "to minimise the likelihood of data losses".

In the Ministry of Defence, for example, the data on 30,000 laptops has been encrypted, he said.

Encryption "is now the norm", Watson said. The government also restricts access to removable devices and runs network penetration testing.

Eric Domage, security research manager at IDC, said the changes were a good sign: "At last, somebody in the government has understood that security depends on the users, and training has to be good".

"Training is expensive, but it's vital. It's the last friendly option, and you have to take it. If you still lose data, then you have to do a forensic investigation and punish those responsible. No one wants another HMRC."

Graham Cluley, senior technology consultant at IT security firm Sophos, agreed the changes were "better late than never".

But instead of encryption being the norm, "any sensitive data needs to be encrypted", he said, adding that the passwords "need to be strong".

The government also needs to monitor where its data is, and control access to it using data loss prevention software, both Domage and Cluley said. This would prevent certain files from being put onto removable devices, or make sure they are encrypted automatically first.

"Ultimately most people think about convenience and take short cuts," said Cluley, "so you have to have the technology in place to back up the rules".
