18 November 2008
A new publication launched today shows councils the steps they need to be taking to keep their resident’s data safe.
'Local Government Data Handling Guidelines', highlights the best examples of secure data handling, provides local authorities with a essential checklist of actions, and sets the standard for local government into the future.
The Local Government Association/Welsh Local Government Association, has worked closely with the Society of Information Technology Management (Socitm) and with central and local government in preparing these guidelines. The standards that local government is setting itself are challenging, but necessary to rebuilding public confidence in the public sector ability to protect personal data.
The Society of Local Authority Chief Executives and Senior Mangers (SOLACE) and the Information Commissioner have both welcomed this latest publication.
The Improvement and Development Agency (IDeA) will provide initial advice and guidance while it develops proposals to support local authorities in achieving compliance with the guidelines and the Government Connect Code of Connection. This programme will be funded by a £250k grant from Government Connect and additional resource from the LGA/WLGA and IDeA. Further details will be forwarded to you shortly.
Jointly commenting on the guidance, Paul Coen, Chief Executive of the LGA and Steve Thomas, Chief Executive of the WLGA said:
“These new guidelines show how seriously local government takes the issue of secure data-handling, by ensuring standards in councils are equivalent to, or exceed, the best practice identified in these guidelines, the public can be reassured that all reasonable steps are taken to preserve and protect their information.
“These guidelines set out the fundamental steps that every council should take to lessen the ever present risk of personal information being lost or data protection systems failing. They provide chief executives, senior managers and elected members with a vital aid in living up to their responsibilities and being accountable for proper handling of personal information.
“A lot of excellent work has already been done but there is still more to do; the pace of technological development means councils always need to be aware of new risks and threats.”
Richard Thomas, Information Commissioner, said:
“I welcome these guidelines as a significant step towards ensuring the consistent, proportionate and secure use of personal information by government at all levels.
“They make an important contribution to the aim of the Information Commissioner’s Office, which is that all organisations should inspire trust by collecting and using personal information responsibly, securely and fairly.
“I believe that if councils effectively implement the steps set out in the guidelines, they will significantly reduce the risk of incidents and problems, and in doing so, help build the necessary public trust in the handling of personal information that recent and well publicized incidents can only have eroded.
Richard Steel, President of Socitm said:
“It's a long time since data security could be considered as something for just the IT department to worry about. It’s a concern that should run through the entire organisation. If local government is to meet the challenge of improving public trust it will be firstly by, creating the right culture, and secondly, by having the right policies and procedures in place to provide accountability and scrutiny.
“Socitm look forward to working with the LGA/WLGA and IDeA in supporting councils in implementing the local government data handling guidelines and in achieving compliance with the Government Connect Code of Connection.”
For copies of the publication please visit: http://www.idea.gov.uk/datahandling
ENDS
Notes to editors:
About the guidance:
The Guidelines provide chief executives, senior managers and elected members with a guide and essential checklist to their responsibilities and accountability for secure and effective handling of personal information but recognises that councils are best placed to assess their own risk and put in the necessary safeguards which are often equivalent to, or exceed, those set out in this document.
The material in this document reflects good practice as set out in the ISO/IEC 27000 (Information Security Management System) series and is also aligned with Central Government Information Assurance policy , produced by CESG (the Communications and Electronic Services Group, part of GCHQ). It is not exhaustive and relies upon other initiatives, legislation and processes for completeness.
About GC
Government Connect is an IT programme jointly funded by the Departments for Communities and Local Government, Children Schools and Families and Work and Pensions. The Objective of Government Connect is to implement a variant of the Government Secure Intranet (GSI) to all local authorities in England and Wales. The programme is governed by a board chaired by Janet Callender, Chief Executive of Tameside and represented by the three funding central Departments plus the Local Government Association, IDeA and Socitm.
For more information contact: Natasha Weeks