Recent cases of lost data have damaged public perception of government competence
Over 80% of the population in Scotland has lost confidence in the UK government’s ability to look after personal data; this is the stark finding of the first comprehensive survey of its kind into the psychological impact of recent public sector information losses.
The survey, commissioned by software company Objective Corporation and conducted by YouGov, has identified a complete breakdown in trust and soaring concerns over fraud and identity theft.
Of the sample, 28% are very worried that the loss of personal files and important data such as national insurance information, tax details and banking records would directly impact them. A further 20% feel that such losses would impact them to a certain extent, while 22% of the sample felt that this could impact them but would wait for a response from the government itself before deciding.
Key findings:
29% of the sample have completely lost faith in the UK government’s ability to manage data; 34% think that the way in which the government was looking after personal data should be improving by now, particularly in light of the spate of recent breaches; and a further 22% are not confident that the government are protecting their data and consequently did not feel secure at all
When asked if the government was completely trustworthy in handling personal data, only 2% of the sample actually trust the government completely
35% of the sample believe that there is a real risk to them personally, as a result of missing personal information being used by fraudsters
Half the sample think that the risk lies in the criminal fraternity who might try to use their identity
Just 21% believe that the data losses so far have been just that – lost and not stolen
On the positive, 22% consider that the UK government will try and safeguard against future data loss
Adrian Cobb, Chief Operating Officer, Objective, stated: “The Scottish Government’s report ‘Data Handling in Government’, which was issued in June 2008, identifies issues relating to the management of corporate information assets and makes recommendations on how these can be addressed.”
“The good news is that the Scottish Government is not sitting on its hands on this matter and new regulations are being implemented to help safeguard corporate and personal information within the Scottish Public Sector in response to the issues and concerns raised in the data handling report’.” he added.
The report points out that to deliver public services effectively and efficiently, information needs to be shared between different parts of government; and that the public have a right to expect the information that they provide to be held securely and used appropriately.
Adrian Cobb added: “Data and it’s more loosely defined corollary ‘information’, are difficult to keep secure in government environments when they also need to be shared quickly with relevant stakeholders. Since it has been proven so easy for human failings to leak information outside of secure environments, perhaps now is the time for the UK government to look to technology solutions that allow for the safe storage and appropriate sharing of information, such as those already in use by the Scottish Government today.”
The Scottish Government’s report states: “It is essential to retain public trust in government’s use of information. There must be visible and transparent measures in place to demonstrate that the personal data of citizens is treated with sensitivity, care and diligence.”
Furthermore the proposals included that:
- The Scottish Government should broaden its leadership role and act as the source of centralised, authoritative guidance and assistance for Scottish public bodies.
- The Scottish Government should be proactive in ensuring compliance with security standards, and actively monitor compliance through audits or health checks.
- The Scottish Government’s expectations of public bodies on information security, risk management and data sharing must be clearly defined and easily accessible, and include minimum standards.
- The Scottish Government should ensure that policies and procedures do not create inefficiencies, impede data sharing or legitimate access to information, or create addition risks to the public.
