Ely, England (PRWEB) July 12, 2008
The only way to avoid further disastrous losses of individuals' sensitive private information is to immediately commence a comprehensive overhaul of the way Central Government staff manage confidential personal information, warns leading UK compliance specialist IT Governance (http://www.itgovernance.co.uk/). The loss of millions of child benefit records by HM Revenue and Customs, and the mislaying of laptops and security dossiers by MoD staff, are part of the same problem - institutional failures to define and implement basic compliance procedures in line with the requirements of the Data Protection Act (DPA).
However, it is not just major Whitehall departments at fault - the recent IT Governance Best Practice Report, 'Data breaches: Trends, costs and best practices' (http://www.itgovernance.co.uk/products/1615), indicates that the commercial sector shares this culture of complacency, with a similarly lax attitude to the protection of client information and to data-handling procedures.
Complying with the requirements of the DPA - the core UK legislation around data protection - is a key challenge for Whitehall departments and commercial organisations alike. A much tougher regulatory regime is now coming into place, which builds on the major fines recently levied by the Financial Services Authority, such as the £980,000 penalty served on the Nationwide Building Society and the £1.26 million fine incurred by Norwich Union - both criticised for failing to adequately protect personal data. Added to this, there is the recently passed Criminal Justice and Immigration Act, which brings in a regime of 'substantial' fines for organisations that fail to meet their compliance obligations.
"Last week's Poynter report confirms what has been plain to anyone following the string of data losses occurring in the public sector," said Alan Calder, Chief Executive of IT Governance. "These aren't just the acts of rogue employees, and it frankly beggared belief that this was the original explanation offered for the HMRC fiasco. Instead, they are symptomatic of a continued failure to embed data security procedures and training into the organisational culture. We can only hope that this report might finally make Whitehall wake up and smell the coffee that has been so clearly brewing for years."
"The reasons for changing the way in which both public and private sector organisations manage information compliance are compelling," warns Calder. "The high-profile data-handling fiascos of recent months have underlined this. Leaders have, for too long, been ignoring the importance of protecting personal data, and urgent attention to both the spirit and the letter of the law is urgently required."
"Fixing these problems calls for more than some extra IT investments. There is a root and branch managerial job to be done to achieve data protection compliance, involving training, process change and the adoption of best practices. And yet, compared to many of the investments made by government departments and companies, this all comes at a bargain price. It isn't a matter of choice - the public and private sectors owe it to us, as their customers, to protect our data. Hopefully, the embarrassment caused by this report will have the positive side-effect of prompting a drastic rethink by all organisations working with client data. Any organisation not addressing its information security needs with a formal compliance regime is plainly risking not just horrendous financial penalties - it's putting its very survival on the line."
IT Governance's 'DPA Compliance Assessment Tool' (http://www.itgovernance.co.uk/products/1791) provides an easy-to-use way to assess an organisation's current level of compliance with the Data Protection Act. Its 'DPA Compliance Toolkit' (http://www.itgovernance.co.uk/products/1788) offers all the essential templates and tools, to greatly simplify and speed up the task of compliance.
NOTES TO EDITORS
IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at http://www.itgovernance.co.uk.
To view all the latest IT Governance news, go to http://www.itgovernance.co.uk/media/newscats.aspx?cat_id=2&title=Surveys%20&%20Press%20Releases.