88 per cent of organisations claim their Freedom of Information (FOI) responses are fully compliant with data protection laws, despite a rise in FOI-sparked data breaches
Public sector organisations are struggling to balance demands for transparency with the need to protect data, according to a study[i] from Iron Mountain (NYSE: IRM). While an overwhelming 96 per cent of public sector bodies claim to be prepared for all FOI requests, and 88 per cent say their responses comply with data protection laws – a third (35 per cent) admit that skills gaps are putting this at risk. The Information Commissioner’s Office has felt compelled to issue advice to organisations on how to reduce the number of FOI-related data leaks.
Iron Mountain spoke to senior executives responsible for information management and digital transformation in a wide range of public sector bodies. The research uncovered a landscape of contradiction as organisations insist they can cope with FOI requests, but are at times compromising sensitive and confidential records as a result.
Examples of such behaviour include a council sending out the names and National Insurance numbers of 1,800 benefit claimants in response to an FOI request about housing; and an ambulance service revealing the religious beliefs of its 2,800 staff in response to an unrelated request from a local radio station. The ICO has become so concerned about this trend it has issued a warning and advice to public sector bodies[ii].
The Iron Mountain study also found other areas that could reduce an organisation’s ability to respond effectively and securely to FOI requests. In 61 per cent of organisations, documents are regularly lost internally or misfiled, while the closure or relocation of public sector offices has compromised the accessibility of important information for half of those surveyed (51 per cent).
“The trials of transparency are proving a real, if unacknowledged, challenge for the public sector,” said Phil Greenwood, Director, Iron Mountain. “The number and nature of related data-breach incidents speak for themselves. Freedom of Information is an important and worthwhile right, and one that open democracies can be justifiably proud of. We just need to make sure that responses are handled with care, accountability and responsibility so that individual data protection rights are not compromised. Among other things, this requires professional information management and support, skills training and effective policies and guidelines. The ICO issued its advice a year ago, and yet the incidents are still happening – it’s high time we all worked together to make it stop.”[su_box title=”About Iron Mountain” style=”noise” box_color=”#0e0d0d”]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.