Thursday, 27 December 2007

Data security

The recent rash of press reports of losses of data by public sector organisations has resulted in pressure for data not to be stored and collected together. Commentators have called for data to be made hard to access, e.g. left on paper in a doctors waiting room, as a data security mechanism. Unfortunately fragmenting data storage tends to mean that lots of people with no appreciation of data security will be responsible for it, and instead of stolen laptops we'll hear about skips full of discarded paper medical records.

Is generally accepted that data should only be stored and collected together where doing so creates value to the individual, or possible society as a whole. Sadly the prevailing culture is not to discuss openly why data is held, and certainly not to give individuals a say in what is stored (or even its accuracy). It's equally important that only data needed to create the value is stored especially data that enables individuals to be identified or used to compromise an individuals well being.

My feeling is that unless the publec sector become open and professional about data security an essential foundation of transformational government will be compromised. None of what I've said is rocket science all you in the public sector please take data security seriously and make it the explicit responsibility of people who understand it.