Government Data Loss Solution: Hold Bureaucrats Accountable?

The release of the British government's "Hannigan Data Handling Procedures in Government: Final Report" in June introduced more regulations on data handling, storage and retrieval.

Departments are being encouraged to make each set of data the responsibility of one person. If that person fails to handle the data, it can become gross misconduct.

Government's Responsibility

In the report's foreword, Sir Gus O'Donnell, cabinet secretary and head of the Home Civil Service, stated: "Effective use of information is absolutely central to the challenges facing the government today -- whether it is improving health, tracking child poverty or protecting the public from crime and terrorism.

"Those in the public service need to keep that information secure in order to build public confidence."

"Government departments are becoming tighter on their data. Some have access to certain data and others do not," said Ian Goodfellow, account manager at storage vendor Hitachi Data Systems.

Resellers are addressing the need for different government departments to gain access to data, while keeping it secure, he said.

Building Secure Answers

HDS recently announced a strategic relationship with healthcare software vendor Mawell. The collaboration between Hitachi and the virtual network creator Mawell M7 will form a solution designed to increase access time to patient records and images for the healthcare sector.

"It is great that the compliance officer has become a key position in the public sector. It is a thorny issue as the answer is not just technology -- it is cultural too," said Goodfellow.

Paul Hickingbotham, solutions manager at storage distributor Hammer, agreed that there is a need for a culture change, but said the issue is more industry-wide than just the public sector.

"With so much press coverage on data loss and security it helps raise awareness of the issue, so the culture change may be enforced naturally."

He said that with vendors embedding data security within operating systems and hard drives, these warnings would go unheeded. The end user may mistakenly think that these measures alone are the answer.

"Data protection will require a specific strategy on additional security-based software and/or hardware, and tighter internal data storage policy controls," Hickingbotham said.

"The key issue is that governance in the public sector, coupled with the growth of digital content, be it education teaching aids or online tax, means that already-constrained IT budgets are pushed to the limit to keep up with the data explosion," he added.

Chris Evans, managing director of reseller OakSystems, said: "There is a lack of people who encrypt their data. People think data cannot walk, but it can.

Encrypted Data

Evans said more public sector organizations should back up their data, as well as encrypt it.

Bordan Tkachuk, managing director of vendor Viglen, said that the government's methodology is best practice. However, he claimed that people's attitudes toward long-term storage investments have to change.

"Budget is sometimes the dilemma, not the technologies available. The business has to buy a technology without knowing how much it will benefit it. Both the technologies and the investments need to be made up front, which is a tough call as every customer wants to know what it will cost them," he said.

"Capacity or security? Speed or compliance? Companies are unsure as to where to spend the budget."

Hickingbotham agreed: "Data protection costs money -- money that the finance decision makers do not have to allocate, or are reluctant to release without showing any return.

"If a business does not have sufficient data capacity, for example, it is a lot easier for them to justify their spending on additional hardware -- with data protection you do not see the immediate effects."

Another storage issue for the public sector stems from the increasing level of information sharing between different government agencies, Tkachuk suggested.

"For example the police may occasionally overlap with childcare -- as data is shared between these two services its capacity increases causing a whole new set of storage issues," he said.

"The data may also be outsourced, so when it is transferred between locations it needs to be secure and resellers need to plug the hole in that dike."