Sunday 5 July 2009

Secret Service tells UK Government not to Publicly Disclose Data Breaches

Are you wondering why there haven’t been any UK Government Department information breaches making the news headlines in recent months? Have our government departments resolved their poor Information Security Management and poor security cultures? Have other topics such as swine flu and dodgy MP expenses claims kept government data breach headlines out of the press? I would love to think UK Government Departments have cleaned up their Information Security Act, as I know serious efforts are being made. However, we can't really be sure government have stemmed their poor information management tide, as I heard another reason which goes to explain why the once steady drip of media coverage of government departments' data breaches has come to a halt.

I don’t want to name any names, but I heard a member of a government committee working on the Digital Britain report say that government departments had been advised by a UK security service department to stop publicising data breaches, because it is letting our enemies know our weaknesses. If this is indeed true, I have to say I really don’t agree with this sweeping-under-the-carpet approach. For one, the cat is already out of the bag regarding our government's track record on security: tens of millions of records have been lost that we know about, so I think our enemies already know about our weaknesses!

I am a supporter of the public disclosure of data breaches where the public's personal information is involved, to the extent that I would like to see UK laws passed to ensure all organisations, both within the private and the public sectors, disclose any data breaches where citizen personal information has been actually or potentially compromised. The reason we need such laws is that I feel it is the only real way entire industries and individual organisations will be bothered enough to raise their information security to the required standards, and better secure all our personal information. I believe it should be a fundamental right that we are informed if (more like when) our government, or indeed a private company, loses our personal information, placing us at increased risk of serious cybercrimes like identity theft, which is the UK’s fast-growing crime. Only by holding government department heads and business senior directors to account for such breaches will organisations truly recognise the importance of properly securing our personal information, which after all we have entrusted to their care.
