Survey reveals doubts about public sector data security

A new survey has highlighted some glaring issues surrounding data security in the public sector.

The GovNewsDirect Public Sector Data and Information Security Survey, timely given the ransomware attack on Lincolnshire County Council, aims to give public sector staff the opportunity to benchmark their organisations against others and explore specific areas of concern.

The survey, completed by over 600 respondents towards the end of 2015, provides a detailed analysis of the challenges facing public services. The survey found that:

  • 65% had serious concerns regarding data security within their organization
  • ‘Errors by Staff’ and ‘Simple Loss of Data’ were the greatest concerns.
  • ‘Denial of Services by Hackers’ was of least concern to those surveyed.
  • 55% of all security breaches originate from someone with access already.
  • Data loss can be malicious but more often than not, it is accidental or the result of human error.


Candid comments

All respondents were granted full anonymity in their report of their concerns surrounding their organisation’s data loss incidents and procedures, resulting in many additional candid and disturbing comments.

A significant number of staff commented on their organisation’s shortcomings with safeguarding public data, with one respondent stating that, “We have no consistent or centralised reporting system, it is all ad-hoc”, whilst another individual revealed that, “We only review systems and processes after events/incidents”. Some respondents confessed that management of data was hindered due to “…legacy infrastructure” and “old” or “basic systems”.

With the advent of the new EU legislation (GDPR), the public sector must be prepared for a more modern yet tougher data protection policy. There is now a pressing need for all organisations to implement data security safeguards or risk punitive fines.

The management of data access rights (who has access to data within any organisation at any one time) was a key focus of this survey. Access rights affects all levels of management and a large number of respondents reported that access management left an organisation vulnerable to data loss, attacks or breaches.

Related reading