The Cabinet Office has published a range of mandatory measures to prevent a repeat of the data loss scandal that hit HM Revenue & Customs (HMRC) last year. Any disc, USB stick or laptop containing sensitive information will have to be encrypted if they are taken out of Whitehall, as part of the government security technical measures published by the Cabinet Office.
Other measures include mandatory training of all civil servants on data handling and protection, compulsory penetration testing of departments’ networks and privacy impact assessments for all service delivery projects.
Security roles are to be standardized across Whitehall to ensure that someone is clearly responsible for data handling in each office, the report said.
The report, published by Cabinet Secretary Sir Gus O’Donnell, follows a spate of independent reviews published on Wednesday that slammed the government on its poor track record of data protection.
Yesterday’s Poynter report and an Independent Police Complaints Commission (IPCC) into HMRC’s loss of CDs holding the names, addresses and bank details of the 25 million people claiming Child Benefit found data security “woefully inadequate.” The government agency was accused of failings in “institutional practices and procedures” concerning data.
Also published on the same day, the Burton Review into the loss of a Ministry of Defence laptop found the agency was “not treating information, knowledge and data as key operational and business assets.”