Government fails to protect data

By Blaine Williams

The government is failing to train its staff on how to protect sensitive information, a Freedom of Information Act (FOI) request has found.

The request was made to 16 government departments and shows that most have yet to implement a basic level of training on data handling, despite high-profile losses of government data.

In June 2008, cabinet secretary Gus O’Donnell published the data handling bill which committed all departments to mandatory training for people with access to privileged information.

Training within each department should have commenced by the end of October 2008 but the FOI request found that many of the 16 departments asked have failed to achieve this.

The Department for Schools, Children and Families admitted it had no IT security training at all.

The report also mandates that employees who handle personal data must have an annual refresher course, but 11 departments have revealed they do not have any provisions for refresher courses.

Eight of the government agencies have said they have no budget for IT security training this year; this included the Ministry of Justice, the Treasury and the Foreign and Commonwealth Office.

Robert Chapman, chief executive of Firebrand Training, which issued the FOI request, said the government was “failing to demonstrate a commitment to data protection”.

“The education of employees is essential to any organisation’s security,” he continued.

“We rely far too heavily on IT departments. It is clear that inadequate training and inconsistency between departments has produced a naiveté among government employees.”

The government lost 25 million child benefit records in November 2007, which included National Insurance numbers, name and address and people bank/saving account details.