ICO drives home data security message with public sector penalties

Two recent fines served by the ICO drive home the need for public sector organisations to safeguard sensitive data.

The prospect of confidential data being lost or stolen is a huge concern for any organisation, whether that’s a startup that needs to safeguard its intellectual property or an entity on which the wellbeing of the general public depends.

Recently, the standard of data security found in large UK public sector organisations has come under particular scrutiny. Notably, on October 22nd the Information Commissioner’s Office (ICO) served a huge £140,000 penalty on the Ministry of Justice for a serious data breach that led to details of 1,182 prisoners being leaked to three of the inmates’ families.

A no less serious leak incurred an £80,000 ICO fine for North East Lincolnshire Council earlier this week (October 29th) – the 2011 loss of an unencrypted memory stick containing sensitive personal details on 286 children with special educational needs. The device has never been recovered.

Neither of these breaches involved the sort of data on which a business might sink or swim, but that’s not to say they’re not deeply alarming. In the latter case, according to the ICO, the council’s own report acknowledged that the children affected could "suffer ill-health due to the loss".

In light of the penalty levelled at North East Lincolnshire Council, the ICO’s strategic liaison group manager Dawn Monaghan drew attention to the poor track record in data security shown by local government in particular – a sector that has incurred fines totalling more than £2 million in the last three years alone.

Councils are often "stuck in an apparent cycle of all too common mistakes", she wrote in a blog post on the regulator’s website, claiming she saw "the same errors and oversights" at local authorities around the country.

These apparently chronic problems in the public sector show that no organisation is infallible when it comes to keeping sensitive information safe. They also highlight how poor standards in data security can have far-reaching consequences – not least undermining the public’s trust and confidence.