WRITTEN ON March 10th, 2008 BY Sir Bonar Neville-Kingdom GCMG KCVO AND STORED IN Uncategorized

Sir Bonar writes

The security of information is very much a hot topic around the management board tables of Whitehall. I know myself from personal experience that in these days of 24-7, flexible working it can often be difficult to know where and when to read official government papers securely.

Indeed, there was even one occasion recently as I was reviewing a Cabinet Sub-Committee agenda in the back of my car when I noticed a cyclist, drawn up alongside the vehicle at the traffic lights, who appeared to be making every effort to read the document. I well appreciate that not everyone in the Civil Service has the privilege of using the Government Car Service or indeed the security of a lead-lined box in which to transport one’s confidential papers, but even those of us who do cannot be too careful in this age of what I call data proliferation.

You will recall the recently well-publicised episode at Her Majesty’s Revenue & Customs. Personally, I didn’t see what the fuss was about, particularly as I’m led to believe most of the people affected would have already uploaded such information to popular facial networking sites such as YouSpace already. Anyway, there was a media stink which led to the unfortunate departure of my good friend and colleague Paul Gray.

Only a few days later I found myself chairing the bi-annual review of the Department’s risk management dashboard, and data security was at “red” on the risk register. This must be seen as the direct result of a combination of unhelpful stories in the news media and the continued efforts by outsiders to gain unauthorised access to our data.

It would be inappropriate to name names in this open “Web Log” forum, but suffice to say that when the media raise questions about the Civil Service’s competence in managing large government databases, they should pay rather more attention to the concerted and determined efforts of third parties to gain illegal access to our information.

The ICT industry has been beating a path to my door over the past few months, urging Government to procure new software, adopt new standards and implement new procedures to address concerns about data security. Whilst we have listened carefully and are currently considering our response, which is due to be published in the autumn, I just wonder whether the time hasn’t come for a more radical approach.

So let me end this second Blog Casting with a challenge. Is it not time to manage better the risks associated with so many government databases by consolidating them all into one system? A single system could be hosted at a single site, with the physical security risks attended to by the appropriate agencies. One database would do away, after “data-cleansing”, with any anomalies or inaccuracies.

The clever part of this approach is that at the same time we could realise all the benefits we seek from data sharing without the need for actual physical data sharing. My good friend David Varney missed a trick here, as I take great pleasure in reminding him. Instead of the complicated mess of data sharing, we take the one simple step of data integration.

Many of the security problems encountered in recent months by HMRC, the MoD and DWP arise at the very moment where we share data between departments. If we do away with the need to share data by integrating all the data on to a single system, at a stroke we do away with the security problems associated with data sharing, couriers, postal systems and such like.

In this way both the Civil Service, under the aegis of the Cabinet Office, and the public could be confident that services are better co-ordinated, more efficient and personalised. Access could be far more tightly controlled to the important data held on the single government database.

I feel this would also go a large way to restoring what I call the “processing balance” in society. This is a theme to which I look forward to returning shortly in a future Blog Cast.