Government assesses security procedures in light of data breach

Government assesses security procedures in light of data breach

UK Information Commissioner’s Office given power to carry out spot checks on government departments

The Information Commissioner’s Office has been given the power to carry out spot checks on government departments to ensure they are adhering to data-protection procedures.

The move follows the HMRC data loss debacle that has prompted the government to review its security procedures.

Prime minister Gordon Brown announced the new powers in the House of Commons yesterday. “We will give the Information Commissioner the power to spot check departments, to do everything in his power and our power to secure the protection of data,” said Brown.

Information Commissioner Richard Thomas said the new powers will “ensure better compliance with the law and [will help to] protect people’s data.” However, he added that his department would have to be “properly resourced” in order to carry out the checks. Details of the spot checks will be worked out with the Ministry of Justice, he added.

Thomas had first asked for stronger powers at the Home Affairs Select Committee in May, when he explained how data protection guards against “excessive surveillance”.

“As well as risks such as identity mistakes and security breaches there can be unnecessary intrusion into people’s lives and loss of personal autonomy,” Thomas had said, adding, “It is essential that before new surveillance technologies are introduced full consideration is given to the impact on individuals and that safeguards are in place to minimise intrusion.”

However, the new powers granted by the government still do not go far enough, according to Thomas. He is calling on the government to introduce stiff legal penalties for organisations that fail to put in place adequate measure to protect sensitive data.

“At the moment I can take limited enforcement action, but making [the failure to take reasonable steps to prevent a breach] a criminal offence would serve as a strong deterrent and would send a very strong signal that it is completely unacceptable to be cavalier with people’s personal information,” Thomas said.

Brown explained that a number of reviews are under way that might result in further changes to government procedures.

“I have asked the Cabinet Secretary and security experts to ensure that all departments and all agencies check their procedures for the storage and use of data,” Brown said.

Another review, which is being chaired by Mark Walport of the Wellcome Trust and the Information Commissioner, aims to assess the security of personal data in the public and private sectors. This was set up last month in response to the Commissioner’s calls for powers to inspect both public and private organisations.

Meanwhile, the HMRC incident is the subject of an independent review by Price Waterhouse Coopers, which is likely to form the basis of further security recommendations by the Commissioner’s Office.