Data Handling in Government
The recently published Cabinet Office report ‘Data Handling Procedures in Government’ defines what government is doing to protect citizen’s personal data. The LGA will shortly produce equivalent guidelines for local government, which will be supported by the Information Commissioner as good practise and their implementation will be monitored by the Audit Commission.
Sensitive personal data is now defined in simple terms, as are the core measures required to protect it. This means that information linking an identifiable individual with information that, if released, would put them at significant risk of harm or distress, or any source of information relating to 1000 or more individuals that is not in the public domain, even if the information is not likely to cause harm or distress, must be protected. Protection requirements mean such data can only be transferred securely.
Transfer of protected data using means less secure than available is not adequate and could result in enforcement action by the Information Commissioner or even fines. A precedent of such enforcement has recently been established.
In addition to core measures of data protection the new data handling guidelines require greater awareness to be established through improved training and HR processes. Greater accountability for information risk will be established and there will be increased scrutiny. Information assurance is to be part of the Statement of Internal Control and the Information Commissioner has powers to undertake spot checks.
Meeting the Government Connect Code of Connection is entirely consistent with managing your authority’s data protection risks. Authorities need to act immediately to improve information security. Expert help is available through Government Connect.
©2008 Government Connect |