Public Sector organisations admit to poor attitudes towards treatment of confidential data
London, UK – 8th September 2008 – Research from Clearswift has found that public sector organisations are not dedicating enough time and resource to Information Assurance (IA), putting them perilously at risk of suffering from data breaches.
According to the first piece of research, conducted by Clearswift and IA08, the government’s Information Assurance Event, (“IA and Organisational Responsibilities in the Public Sector, 2008”), 53 per cent of respondents – all of whom either work within or for a public sector department – felt that their organisation didn’t spend enough time on IA issues. At the same time, a separate Clearswift research report (“Worldwide Data Loss Prevention Trends, 2008”) found that almost one in five (19 per cent) of UK IT decision-makers in the public sector admitted to having experienced at least one incidence of data loss in the last 12-18 months.
Further findings from the data loss report revealed over half (62 per cent) of IT decision-makers in the public sector are unaware of the proposed introduction of data breach notification legislation – demonstrating a surprising lack of awareness of the issue given the recent media attention surrounding the proposed legislation. In addition, an overwhelming majority (85 per cent) don’t believe the general public should be informed if a data breach occurs.
“When it comes to handling data in the public sector, there appears to be a major fault line emerging between operational objectives and public expectations,” said Richard Turner, CEO at Clearswift. “Public sector organisations are either concealing or ignoring their obligations whilst consumers and the public are looking for answers. Organisations need to have appropriate measures in place or are at risk of permanently harming public trust, and failing to meet their goals for transforming government.”
Clearswift’s IA 2008 Research also suggests that 40 per cent of senior management have little or no understanding of IA, and that 32 per cent of board members have discussed IA fewer than four times at board meetings in the past year. Forty-nine per cent of public sector employees polled felt that their organisation’s IA procedures could be significantly improved, whilst 86 per cent also felt that IA procedures could be improved significantly across the UK government as a whole.
“Information Assurance is not a software patch or a firewall. It’s a way life,” said Turner. “It needs to be embedded into an organisation’s ethos and a mission-critical issue urgently needs support and attention from board level executives. Even then, it may not keep you off the front page, but it will eradicate foolish mishaps and help restore public faith in your services.”
When asked about the possible impact of data breach notification legislation, almost half (46 per cent) of UK public sector respondents envisage their annual IT spend increasing by at least five per cent, and 24 per cent of public sector IT managers expect that increase to be at least ten per cent. In comparison, nearly one in four (24 per cent) US public sector respondents who currently adhere to data breach notification legislation said they had seen no change in their IT spend since its introduction. This compares to only 15 per cent of private sector IT managers.
Clearswift's content security technology helps companies monitor all content leaving their organisation via e-mail and the internet, and implements policies to secure the exchange of information with trusted partners to prevent the loss of confidential information, whether accidentally or maliciously. Clearswift solutions are cost-effective, easy to implement and manage, coming pre-configured to get up and running quickly and containing a simple user interface. Clearswift solutions also protect organisations from spam, viruses, spyware and web-borne malware and enforce policies on acceptable internet usage.
