Government departments breach Data Protection Act principles

Government departments are still failing to implement basic security procedures and are in breach of the Data Protection Act, according to new data discovered under the Freedom of Information Act.

Despite repeated instances of information breaches, and a wide-ranging review by the Cabinet Office of data handling by government, nearly all government departments have failed to put in place basic data protection and error correction policies.

The research was carried out by the Garlik consultancy, which submitted 30 Freedom of Information (FoI) requests to all major government departments between September and November last year, to see if they had procedures and resources in place to ensure the accuracy of the data they kept. The fourth principle of the Data Protection Act states that "Personal data shall be accurate and, where necessary, kept up to date", but no department was able to show that it was compliant with this simple requirement.

"The government's complacent attitude towards managing and correcting our personal data is all the more shocking in the light of the 176 public data losses that have occurred this year alone," Tom Ilube, CEO of Garlik, said in a statement. "What people really care about is that if the government holds your personal data, it is accurate and well looked after. A typical public database can have error rates approaching 10%, meaning that a single large government database could possess erroneous data on several million individuals."

Alan Calder, chief executive of IT Governance Ltd, a consultancy specialising in regulatory compliance, was scathing about the results. "There is an egregious absence of data protection compliance in the whole of central government," he said. "Imagine what would happen in the private sector if the management team ignored instructions to stop breaking the law."

He said it would take little effort or resources to build in the right sort of corrective mechanisms. "It's not very hard to have a data correction policy. It just requires the will to do it, and this is evidence that there is no will across government and the public sector."

The news emerged at the same time as the government announced the launch of the new ContactPoint system, which is a data-sharing protection service that will allow police, medical staff and social workers to see details of up to 11 million children. Announcing the first stage of the project, Children's Minister Ed Balls said: "It is a vital tool to help keep children safe because it is absolutely crucial the right agencies are involved at the right time and get even better at sharing information."

He said basic personal details of children would be held, but not details of any cases. "We have put in place comprehensive arrangements to prevent inappropriate access to the information on the system and ongoing security will remain a priority," he said.

Data that Garlik Ltd. received from its Freedom of Information enquiries
| Government Agency | Written data correction policy or protocol? | Conduct independent audits demonstrating DPA compliance? | Have funds specifically allocated/record of funds re: correction of erroneous data? | Hold statistical data regarding erroneous data corrections? |
|---|---|---|---|---|
| Attorney General | NO | NO | NO | NO |
| Business Enterprise & Regulatory Reform | NO | NO | NO | NO |
| Cabinet Office (& No 10) | NO | NO | NO | NO |
| Children, Schools & Families | NO | NO | NO | NO |
| Communities & Local Government | NO | NO | NO | NO |
| Crown Prosecution Service | NO | NO | NO | NO |
| Culture, Media & Sport | NO | NO | NO | NO |
| Department of Health | NO | NO | NO | NO |
| Driver and Vehicle Licensing Agency | NO | YES | NO | NO |
| Environment, Food & Rural Affairs | NO | NO | NO | NO |
| Foreign & Commonwealth Office | NO | NO | NO | NO |
| Home Office & associated departments | Delayed response due to public interest concerns | Delayed response due to public interest concerns | Delayed response due to public interest concerns | Delayed response due to public interest concerns |
| HMRC | NO | NO | NO | NO |
| Innovation, Universities & Skills | NO | NO | NO | NO |
| International Development | NO | NO | NO | NO |
| Independent Police Complaints Commission | NO | NO | NO | NO |
| Ministry of Justice | NO | NO | NO | NO |
| Ministry of Defence | NO | NO | NO | NO |
| National Audit Office | NO | NO | NO | NO |
| NHS Connecting for Health | NO | NO | NO | NO |
| Northern Ireland Office | NO | NO | NO | NO |
| Office of Public Sector Information | YES | NO | NO | NO |
| OFSTED | YES | YES | NO | NO |
| Scotland Office (stated they fall under the Ministry of Justice) | NO | NO | NO | NO |
| Serious Fraud Office | NO | NO | NO | NO |
| Transport | NO | YES | NO | NO |
| Treasury | NO | NO | NO | NO |
| Treasury Solicitors | NO | NO | NO | NO |
| Wales Office | NO | NO | NO | NO |
| Work & Pensions | NO | NO | NO | NO |