Print
Discuss
Send to friend
RSS feedsAll government departments will have to encrypt important information held on discs, USB sticks or laptops following a wide-ranging review of government security practices by the Cabinet Office.
Other measures to be put in place across government include compulsory penetration testing of departments' networks, mandatory security training for civil servants and privacy impact assessments for all service delivery projects.
Information security will also become part of the gateway review process, which examine the potential risks of government projects before they proceed.
The work was commissioned following the loss of two unencrypted discs containing the child benefit records of 25 million families, and is published on the same day as the Poynter Review into that incident, as well as the Burton Review into the loss of a Ministry of Defence laptop.
Cabinet secretary Sir Gus O'Donnell said the report aims to give government a framework to improve the way citizens' data is protected.
"Although no organisation, public or private, can ever guarantee that it will never make a mistake, I believe the measures we are announcing today will ensure the public can be assured we are taking the necessary measures to keep people's data secure," he said.
The safeguards will also be worked into contracts with private sector companies undertaking government work that may comprise access to citizens' information.
The Information Commissioner welcomed the moves.
See also:
Email indicates that security measures introduced after HMRC breach are not working 09 May 2008
In many cases staff in question were dismissed 01 May 2008
Office will be given ability to spot check central government 22 Apr 2008Some 85 per cent of people now refuse to give out personal details wherever possible 20 Mar 2008
Security experts urge tighter controls on who can access information 06 Mar 2008All Public Sector IT Tags: Security, Government
del.icio.us
Digg this
reddit!
