Local authorities face the challenging task of managing ever-growing volumes of records, covering anything from council taxes to confidential information about local schools. Furthermore, they must manage this data securely while dealing with the pressures of cutting costs and improving the overall efficiency of the services they provide to the public. If the protection of this information is not prioritised and is somehow compromised, severe financial penalties and reputational damage will soon follow.
In the UK, the 1998 Data Protection Act requires controllers of personal data to take appropriate measures to prevent data being “accidentally or deliberately compromised”. Some of these measures include having robust policies and procedures in place, and reliable, well-trained staff. If a local authority fails to comply with these measures and a serious data breach occurs, the organisation can face fines up to £500,000.
Despite the obvious risks and reputational damage caused by a breach, local authorities are simply struggling to find the time to manage and protect information properly. A recent study by Iron Mountain, The challenge of sharing information management in UK local authorities in 2016 and beyond highlights the challenges faced by records and information managers.
The study found that 57% of records and information managers have just a few seconds to handle every record they are responsible for and do not have enough staff to deal with day-to-day information management demands. Complicating the issue further is how leaders in other areas view the scale of the problem. According to our study, 50% of records and information managers believe the number of cases involving poor information management has gone up, while only 35% of leaders in other departments agree. There is also a lack of faith within local authorities about their organisation’s ability to manage large volumes of information securely and in accordance with data protection legislation. Approaching half (42%) of records and information managers and leaders in other departments don’t trust their colleagues to adhere to data protection legislation and/or don’t trust them to manage information securely (45%).
In the face of these problems, it is difficult to see what steps local authorities can take to get a better grip on information management. But there are steps they can take. Below are some recommendations on how our local authorities might address the complex information challenges they face.
Overcome cultural and communication barriers
Different working practices and styles mean that teams do not always share or store information across departments in a consistent way. Lowering cultural and cross-departmental barriers within a local authority could go a long way towards helping councils manage information more effectively.
Setting up steering committees can be a useful way to keep communication channels open and align different teams on problems and policies. Once established, steering committees can enable senior leaders and internal stakeholders to communicate regularly with one another about processes, discussing what works well and how to make future improvements.
Educating staff on the latest data regulations
New data protection regulations are constantly on the horizon. One such is the GDPR, which is set to come into play in 2018 if Brexit does not disrupt current plans. It’s vital that everyone in the local authority is prepared and trained on how to meet data protection requirements. Educate staff so that they are up to date on the latest information management processes, correct procedures and best practice, as well as the potential consequences of mis-managing sensitive information. Every member of staff needs to acknowledge and own their role in helping to keep sensitive information secure, regardless of the time pressures they may be under.
Balancing organisational pressures with data security
Outsourcing to a trusted third party can help free up time and resource. Secure storage and destruction are areas for consideration. A third party should be able to advise on retention schedules and have high-level security to help safeguard sensitive records, leaving information managers with less to worry about. This will allow them to focus on strategic operations that will deliver better services and value to the public, without compromising the integrity of the information for which they are responsible.
Conclusion
Avoiding data breaches is vital if local authorities are to inspire trust amongst the communities they serve. The good news is that there are actions information managers, senior leaders, and stakeholders within local authorities can take to help establish best practice that others can then follow.
Closer collaboration and better education in particular will help solve some of the complexities of information management within the organisation. Putting these measures in place will help everyone work towards one common goal – treating sensitive data with care, while using it to deliver a higher level of service to the local community.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.