Feeds

UK government data protection is a shambles

Freedom of information? We've heard of it

Choosing a cloud hosting partner with confidence

The UK Government has failed to put in place basic data protection and integrity policies despite recent major information breaches, according to an online ID firm.

Responses to Freedom of Information requests by online identity firm Garlik reveal that all 14 of the government departments that responded lack basic systems for proving compliance with the Data Protection Act (DPA). Garlik sells services that allows consumers to identify what personal information about them is in the publicly available and manage how their identities appear online.

The DPA states that an organisation needs to act if someone tells it the information it holds on them is inaccurate. But only the House of Lords and the Serious Fraud Office maintained a written data correction policy or protocol. Even these government bodies failed to maintain regular independent audits.

Government departments including HM Revenue and Customs, the Department for Work and Pensions, Ministry of Defence, and the Independent Police Complaints Commission lack basic systems for proving compliance with the DPA - handling errors on an ad-hoc basis, if at all. The Department of Health claimed it had never been asked to correct data.

Garlik chief executive Tom Ilube said: "With HMRC and DWP data breaches fresh in people’s minds, these admissions reflect a surprising disregard by Government for the value of our personal information. These gaps and the absence of independent audits point to the root causes of the recent data breaches – a lack of robust accountability."

Ilube told El Reg that government departments ought to apply the spirit as well as the letter of DPA regulations. To do that, government departments "must have audits and show they have processes and procedures in place" to allow the public to correct inaccurate data.

"The mindset in government departments seems different from that in private sector organisations, such as banks, which know they have to audit. There are real consequences if the data on citizens held by government is wrong," he added.

With the national identity register and huge NHS databases on the horizon, the public can have little confidence that data held about them by the government is correct. As a result, important decisions affecting their lives may be based on erroneous information, Garlik warns.

Large scale databases typically have an error rate of between five and ten per cent, Garlik said, so a government database containing 10 million records might have between 500,000 and one million errors.

Garlik is calling on the government to pull up its socks by establishing written policies and procedures for monitoring the accuracy of information and correcting erroneous database entries. It also wants government departments to publish reports based on periodic independent audits. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
BT said to have pulled patent-infringing boxes from DSL network
Take your license demand and stick it in your ASSIA
Right to be forgotten should apply to Google.com too: EU
And hey - no need to tell the website you've de-listed. That'll make it easier ...
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.