There is a suggestion that councils and local authority agencies are concentrating too heavily on data collection as opposed to data security. We know councils need a lot of private and sensitive information for a number of legitimate reasons, so why aren’t they protecting it properly?
Recent studies have exposed startling statistics: from one in four councils suffering security breaches in the last five years, to more than 75% of councils failing to provide mandatory data protection training.
Councils are collecting the data, so why aren’t they securing it?
We know cybersecurity doesn’t always come cheap, and we know that many public-sector organisations continue to feel the pinch of cost-cutting government policy, but there really is no excuse for failing to protect data. With large amounts of sensitive data comes an inherent need to secure it appropriately. Any failure to do so will only lead to data protection breach victims and costly consequences for councils.
So, how can it be that councils are so unprepared for cyber attacks?
With Wigan Council recently slammed for a large number of data breaches, it seems to be a simple case of failing to prioritise data protection.
It seems clear that councils and the agencies they outsource work to are failing to prioritise data security, and with an increasing number of online platforms and facilities available to constituents that are designed to make lives easier comes the need to ensure systems and servers are always secure.
It’s all very well saving costs by using systems and online tools, but funding still needs to be allocated for data protection and cybersecurity.
With councils holding a wealth of personal information, financial information for matters like council tax, and local services holding data for persons with disabilities, or families and children using social services, the data they hold is rich and it is sensitive. If such data is leaked, the impact this can have on a person when it comes to their sensitive information being leaked can be incredibly distressing and even life-changing. When it comes to personal information and financial information, a victim may be one step away from becoming the next target of fraud or identity theft.
For these reasons, councils and local authority agencies have an increased duty and responsibility to look after the wealth of personal and sensitive data they hold. Councils are under almost continual attack from basic phishing exercises to direct attacks where criminals are trying to break into servers and systems.
Council data protection breaches are often serious and highly sensitive. Councils must shape up or face the consequences!