Every other day there’s another media story about a public sector data breach – from private employee data accidentally posted online, to papers sent to the wrong person by mistake. Inevitably it ends with another story in the media and the Information Commissioner has to issue yet another reprimand or fine.
Are things really this bad when it comes to the protection of information within the public sector? A recent study by Iron Mountain, which looked at how public sector bodies across the UK manage their information, revealed that a shocking one in four (23%) public sector organisations aren’t confident in their approach and recognise they’re putting data at risk on a daily basis.
In addition, six in every ten (61%) respondents said poor information handling has resulted in important documents being lost internally, and 40% have even suffered an external data breach.
Whilst these trends aren’t just confined to the public sector, what differentiates them from incidents in the private sector is that the data breaches are caused overwhelmingly by a single factor: simple human error.
So the high numbers may well be reflective of the reticence in the private sector to report its miscellaneous incidents. Secondly, we should recognise the complexity involved in the governance of information in the public sector.
Due to the current transformation of organisation restructure and the ‘digital by default’ subject, the UK’s public sector is going through a period of transformation.
Many public sector organisations and their employees are struggling to either achieve more with less, or to do things completely differently.
On top of this, the study has shown that one in three organisations has had to make information management roles obsolete, with 91% saying that valuable information handling skills and expertise have been lost.
Well over half (59%) admitted that the remaining staff are having to take on information responsibilities beyond their grade.
Against this background, it is hardly surprising that, when asked to name the weakest link in information management, the majority said over-burdened staff who lack the time to take proper care of data (81%).
Overstretched employees struggling with an increased workload, and additional responsibility they feel ill-equipped to handle, will make mistakes. They will forget to tidy away or secure documents and are more likely send things on or out without thinking or checking.
Those responsible for information management in the public sector need to appreciate this and ensure that wherever possible, risk is removed from employees in such roles – through automation, monitoring and appropriate access controls, for example.
This should form part of an integrated, well-resourced approach to information management that is actively endorsed by senior leadership.
Employees need the time, skills and support to be able to treat information properly. They need clear guidance and policies they understand and engage with. They need to work within a culture of respect and accountability for information, and this needs to come from the very top of the organisation.
Time is running out for organisations to get their house in order. With stricter data protection legislation just around the corner and the challenge of growing data volumes and new digital processes combined with a vast legacy archive of paper records, the time to act is now.
Sourced form Phil Greenwood, Iron Mountain