Advertisement
Promo

Security threats Toolkit

ICO: Gov't ignoring data-sharing hazards

Tom Espiner ZDNet.co.uk

Published: 11 Jul 2008 00:01 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The information commissioner has issued a stark warning that the government has not paid enough attention to the dangers of data sharing.

In pursuing its 'transformational government' agenda of greater data sharing, the government has not fully considered the implications for privacy, according to a Friday report by the information commissioner. While the government has concentrated on the benefits of increased data sharing, it has ignored the dangers, the data watchdog warned in the report.

"The tenor of the government's argument has focused closely on the benefits of data sharing, paying perhaps too little attention to the potential hazards associated with ambitious programmes of data sharing," stated the report. "The government has consistently laid itself open to the criticism that it considers 'data sharing' in itself an unconditional good, and that it will go to considerable lengths to encourage data-sharing programmes, while paying insufficient heed to the corresponding risks or to people's legitimate concerns."

The benefits of data sharing include more efficient bureaucracy, the government has consistently stated. However, the dangers of increased data sharing, including greater risk of people's personal details being misused or compromised, has not been acknowledged by the government, stated the report.

This situation has been exacerbated by events such as the loss of 25 million child-benefit claimant details last year by HM Revenue & Customs, and the loss of bank details by financial institutions. According to the report, their loss "served as stark illustrations of the risks posed by the 'information age'."

The Data Sharing Review Report was written by information commissioner Richard Thomas and Wellcome Trust director Mark Walport. According to the authors, there has been a refusal to acknowledge data-sharing dangers, and confusion is rife in both public-sector agencies and private-sector organisations as to how and when to share data.

"This is one of the areas of most confusion," Walport told ZDNet.co.uk at a press conference on Thursday. "Authorities involved in child protection complained that they couldn't get the information they need [from each other]. It's an area of a great deal of confusion."

Thomas recommended the government put a code of practice in place to alleviate this confusion, and clarify existing data-protection legislation.

However, he also recommended that in order to facilitate data sharing, if the government had a genuine need to remove or modify a legal barrier to data sharing, a fast track procedure needed to be implemented to repeal or modify data law. Thomas said this should still be scrutinised by Parliament.

Both Walport and Thomas declined to comment on the security and privacy implications of data sharing in individual schemes such as the UK ID cards programme, which plans to share people's identity data between banks, retailers and government agencies. However, Walport said that with this legal mechanism the government could scrutinise data sharing on a scheme-by-scheme basis.

VIDEO

Dialogue Box
Dialogue Box 6.8: Top tech trumps

What are likely to be the most important tech stories over the next few months? Rupert and Charles discuss the contenders

View full video+

Thomas and Walport made a number of recommendations for government data sharing. Organisations handling significant amounts of personal data should work out accountability and lines of responsibility, and train staff to handle data securely, said Thomas.

"There's a significant lack of public trust in data handling in general, and data sharing in particular," said Thomas. "There's got to be clear governance and accountability. Who is responsible for getting it right? If the top managers are assuming techie people are [responsible], that wouldn't be right; if the techies assume HR are doing it, that wouldn't be right."

One of the recommendations was that councils cease selling an edited version of the electoral register to commercial organisations, in order to increase public trust."There's a lot of concern out there," said Thomas. "People are uncomfortable with the idea of their information being sold to commercial organisations."

Thomas also recommended that the Information Commissioner's Office (ICO) be given powers in line with the Financial Services Authority, with the power to impose fines on organisations for "reckless" data breaches, and that the ICO be expanded from a single information commissioner to an executive board of commissioners, with greater powers and funding. The report stated that, at present, the information commissioner did not have enough powers to be truly effective.

"A large majority of contributors to the review expressed the consistent and strongly held view that the information commissioner and his office (ICO) have neither adequate powers nor sufficient resources to promote or enforce proper information-management practices," stated the report.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
11 out of 11 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Project Manager/Change

REF0005 - Technical / Development Lead

Language Translation Coordinator with German

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters