- Security TWENTY
- Women in Security Awards
Public sector bodies are struggling to balance demands for transparency with the need to protect data. That is according to a study from the data management contract company Iron Mountain. While 96 per cent of public sector bodies claim to be prepared for all Freedom of Information (FOI) requests, and 88 per cent say their responses comply with data protection laws – a third (35 per cent) admit that skills gaps are putting this at risk. The Information Commissioner’s Office (ICO) has felt compelled to issue advice to organisations on how to reduce the number of FOI-related data leaks.
Iron Mountain says that it spoke to senior executives responsible for information management and digital transformation in a range of public sector bodies. The research uncovered a landscape of contradiction as organisations insist they can cope with FOI requests, but are at times compromising sensitive and confidential records as a result.
Examples of such behaviour include a council sending out the names and National Insurance numbers of 1,800 benefit claimants in response to an FOI request about housing; and an ambulance service revealing the religious beliefs of its 2,800 staff in response to an unrelated request from a local radio station. The ICO has become so concerned about this trend it has issued a warning and advice to public sector bodies.
The Iron Mountain study also found other areas that could reduce an organisation’s ability to respond effectively and securely to FOI requests. In 61 per cent of organisations, documents are regularly lost internally or misfiled, while the closure or relocation of public sector offices has compromised the accessibility of important information for half of those surveyed (51 per cent).
Phil Greenwood, Director, Iron Mountain, said: “The trials of transparency are proving a real, if unacknowledged, challenge for the public sector. The number and nature of related data-breach incidents speak for themselves. Freedom of Information is an important and worthwhile right, and one that open democracies can be justifiably proud of. We just need to make sure that responses are handled with care, accountability and responsibility so that individual data protection rights are not compromised. Among other things, this requires professional information management and support, skills training and effective policies and guidelines. The ICO issued its advice a year ago, and yet the incidents are still happening – it’s high time we all worked together to make it stop.”