Backup and Storage

Data protection audits ‘would eliminate stupid errors by councils’

More attention would be paid to data security by local authorities if they were regularly audited, it has been claimed.

The Information Commissioner has said he is keen to introduce compulsory data protection audits for local councils in a bid to protect sensitive information.

Christopher Graham said at a meeting of MPs this week that this would put them on a par with central government, which can currently have audits carried out on it at any time, BBC News reports.

He pointed out that it is not enough to simply keep fining local authorities when they make mistakes that lead to data breaches, as that money comes from the taxpayer and then goes back into the Treasury.

Indeed, a series of data breaches have recently been reported by the media. Last month, the Manchester Evening News found that Manchester Town Hall had sent the details of 5,000 housing applicants on a CD out in the post, but the package was lost.

Rochdale Council had also accidentally uploaded some of its residents’ names, addresses and dates of birth to a public website, leaving them open to identity theft before it realised the error and contacted the administrators to have the information taken down.

Mr Graham wants to bring in regular audits so that more attention is paid to data security on a day-to-day basis – although he acknowledged this would not stop problems completely, he insisted it would prevent so much information "being sent to the wrong fax machine or dropped in the street or left on an unencrypted memory stick".

"Until local government gets the message, local council taxpayers will continue to be hit by civil monetary penalties for really basic stupid errors," the commissioner said.

However, he revealed that the Department for Communities and Local Government is currently "surprisingly opposed" to his suggestion.

Security breaches such as those mentioned above could be avoided with electronic document storage in the cloud.

Third party organisations like Dajon can take information from all kinds of companies and store it securely so there is less risk of accidental uploading to public sites.

Even old papers can be scanned and maintained electronically so staff do not need to be carrying paper around that features sensitive information.