The Oldie

Digital Life Matthew Webster

-

Local councils do not have a high reputation for efficiency, but you’d like to think that they take security seriously, especially the security of personal data. While we may not trust them to costeffect­ively run a picnic in a sandwich factory, we do expect that their general procedures and protocols should be of the best. They make enough fuss about Health and Safety, after all.

However, if you did think that, it seems you might be mistaken. At the recent Oldie computer seminar, one attendee told us about a letter from the local council advising that it had suffered a data theft which included the combinatio­n to the key safe outside his very elderly mother’s home. What especially concerned our reader was that this news came quite a time after the data theft had taken place.

In his case no harm was done, thank goodness, but a glance at the Informatio­n Commission­er’s website tells an unhappy story. In the past year alone, five councils have been fined a total of £510,000 (that’s our money) for various transgress­ions, including, in one case, leaving vulnerable people’s personal informatio­n exposed online for five years; yes, five years.

Those are just the public breaches; a friend of mine, a veteran technical consultant, was hired by one county council to advise them as they had deleted their entire historic payroll records. He was shocked to find the man in charge of the council’s data had scant knowledge of computers; he had been moved from the transport department.

Now, we all make mistakes, and councils will never be perfect, but what sets the good apart from the bad is how they try to prevent mistakes happening and how they act when they do.

That’s what makes a recent report by pro-privacy pressure group Big Brother Watch (BBW) all the more depressing. Using Freedom of Informatio­n requests, BBW establishe­d that of 395 councils approached, 114 suffered at least one cyber-security breach during the past five years and 25 admitted data had been stolen. Worse, more than half of them failed to report the breaches to the police, despite having a legal obligation to do so. Worse still, 75 per cent of councils only provide voluntary cyber-security training for staff, and 16 per cent provide none.

There is also evidence that some councils don’t even know what is going on. BBW was told by 126 councils that they did not experience any cyber-attacks at all during the five years. This seems astonishin­gly unlikely; even the Government’s own study in 2015 said that ‘33,000 malicious emails are blocked from accessing public-sector systems every month’. I simply don’t believe that the 126 councils suffered no attack for a full five years. I do believe that they have no idea if they have been attacked or not.

It’s very worrying and high time these guardians of the public data realised what the perils are and took steps to safeguard the data properly and consistent­ly. It’s not difficult; make sure you have the best equipment and keep it updated, establish the best protocols and train your staff properly. It doesn’t sound too much to ask.

The trouble is, getting it right involves spending money with no visible outcome (no buildings, schools or parks) and councillor­s can’t see themselves getting OBES just because there was no security breach. It’s certainly true that most councillor­s I come across, though many are good in heart, have lamentable technical skills. They just don’t understand the risks.

Maybe we should introduce a new order of chivalry, the Order of the Protector of the Data, given each year to the council data managers with the fewest breaches. That might wake them up a bit; councillor­s love a trip to Buckingham Palace.

Newspapers in English

Newspapers from United Kingdom