Tough data security sanctions put on UK govt

British Cabinet Office publishes mandatory measures to prevent repeat of data loss

The UK's Cabinet Office has published a range of mandatory measures to prevent a repeat of the data loss scandal that hit HM Revenue & Customs (HMRC) last year.

Any disc, USB stick or laptop containing sensitive information will have to be encrypted if they are taken out of Whitehall, as part of the government security technical measures in a report published by the Cabinet Office.

Other measures include mandatory training of all civil servants on data handling and protection, compulsory penetration testing of departments' networks and privacy impact assessments for all service delivery projects.

Security roles are to be standardised across Whitehall to ensure that someone is clearly responsible for data handling in each office, the report says.

The report, published by Cabinet Secretary Sir Gus O'Donnell, follows a spate of independent reviews published late last month that slammed the government on its poor track record of data protection.

Another report and an Independent Police Complaints Commission (IPCC) into HMRC's loss of CDs holding the names, addresses and bank details of the 25 million people claiming Child Benefit found data security "woefully inadequate". The government agency was accused of failings in "institutional practices and procedures" concerning data.

Also published on the same day, the Burton Review into the loss of a Ministry of Defence laptop found the agency was "not treating information, knowledge and data as key operational and business assets".

Join the newsletter!

Error: Please check your email address.

Tags data lossSecurity IDhmrcguildelinesuk cabinet office

Show Comments
[]