Digital Transformation Ends in Breaches For 40% of UK Public Sector

Written by

Nearly half (40%) of UK public sector organizations have suffered a data breach as they struggle to keep up with the pace of digital transformation demanded by Westminster, according to Iron Mountain.

A report commissioned by the records management firm claims to have uncovered a “landscape of confusion and potential risk, where records and information management is being placed under considerable strain thanks to the internal and external pressures of change.”

Worryingly, nearly one third (30%) of respondents said they have had to reduce the number of information management roles, while 91% said information handling expertise had been lost as a result.

Employees tasked with such roles today are over-stretched (81%), lack the relevant skills (60%), or are required to take on roles beyond their grade (59%), the report claimed.

With this backdrop it’s perhaps not surprising that 40% of respondents claimed to have experienced a breach, while 61% said they have lost important documents.

Other notable failings highlighted by the report include a “disconnected approach to information across teams” (71%); staff who fail to stick to guidelines (57%); and an acknowledgement that public sector organizations’ approach to records management is ineffective (23%).

However, despite these challenges, three-quarters of senior public sector officials interviewed for the report claimed that their approach to records management is fit for purpose.

Public sector bodies are regularly fined by privacy watchdog the Information Commissioner’s Office (ICO) for data handling errors.

Brighton and Sussex University Hospitals NHS Trust has been the biggest offender to date – having been fined a whopping £325,000.

Freedom of Information requests to the ICO from encryption firm Egress comparing April-June 2013 with the same period last year found that simple human errors accounted for 93% of breaches, rather than technical issues.

Human error topped the list, alongside poor processes and inadequate systems.

Separate research from consultancy IT Governance last year found that the average cost of a data breach as a result of action by the privacy watchdog was over £35,000.

It revealed that the ICO doled out £2.17m in fines from January 2013 to October 2014, with 94% of notices issued as a result of poor information security.

What’s hot on Infosecurity Magazine?