Print
Discuss
Send to friend
RSS feedsThe HMRC data loss scandal, in which the personal records of 25 million citizens went missing, happened a year ago, but experts warn that sensitive data will continue to haemorrhage from organisations unless the correct policies, processes and technologies are put in place.
The government has lost an average of one PC a week over the past year, according to figures obtained by the Conservative Party, but a combination of human error and poor processes have continued to undermine attempts to address the failings, said security experts.
Gary Clark, European vice president at data encryption firm SafeNet, argued that the government needs to focus on ensuring that data cannot be accessed by anyone outside the department to which it belongs.
"We should be able to trust that stringent practices are in place to secure our personal data," he said. "These should include identifying process weaknesses, adopting robust security standards and encrypting all sensitive data."
Philip Wicks, a security expert at IT services firm Morse, emphasised the importance of stringent policies and procedures that either stop people being able to download sensitive information onto these devices, or make sure that the data is encrypted.
"Organisations need to ensure they have controls in place to protect the data on laptops, phones, memory sticks and other removable storage devices so that, if they are lost and end up in the hands of criminals, the data cannot be used for unscrupulous purposes," he said.
Phil Bridge, UK managing director at computer forensics firm Kroll Ontrack, pointed out that human error is a major contributing factor to the government's data loss incidents.
"It is clear that data protection technology is moving faster than human procedure," he said. "Employees must be trained to view methods like encryption as standard business processes, not practices reserved for special occasions."
However, Paula Barrett, a partner at international law firm Eversheds, believes that the government is slowly learning the lessons from the HMRC breach, and that new standards for data protection are being drawn up.
"Organisational and technical changes are needed, but so too is widespread raising of the awareness of what those standards are," she explained.
"This is not something that can be implemented by information assurance personnel alone. Buy-in has to come across the department. Accountability is therefore also a key element."
Barrett added that further legislation could be on the way to force organisations to take data protection more seriously. "Changes are afoot. Await with interest the content of the Queen's Speech in a few weeks' time," she said.
All Information management technology
del.icio.us
Digg this
reddit!
