Sections
Treasury issues some reassurance to residents on the security of their personal data
On the 21st November, 2007, a Treasury Press Release announced that the Minister, Allan Bell MHK had ordered a ‘Data Security Review’.
This measure was announced following the loss of personal data, on a massive scale, in the UK by HM Revenue and Customs.The Minister was quoted as saying: “There is no reason to think there is any problem with our procedures. However, in the light of what has happened in the UK it is sensible and prudent to review our policies and processes to confirm that we comply with best practice when it comes to minimising the risk of data loss.”The press release went on to explain that the Isle of Man Government has high-level information security and data protection policies. It has a Code of Best Practice on the Maintenance of Information Security, and there are references to information security in its Financial Regulations.Three years ago the Treasury’s Information Systems Division became one of the first organizations in the world to gain accreditation to the new international standard on information security ISO 27001, which is audited every six months.The standard covers a wide range of security issues, including the protection and encryption of data into coded form when it is transferred on to disks.This was subsequently followed up by a further Treasury Press Release, dated 1st July, 2008.This stated that a recent internal review of Information Security has concluded that systems are sufficiently robust to give a reasonable level of assurance. However, the subsequent report has recommended further tightening of the Isle of Man Government’s extensive range of data security measures.The review confirms that the Manx Government has in place a range of comprehensive technical and organizational measures to protect data and information. But it identifies scope for further improvements in certain areas.The Treasury’s Internal Audit Division investigated the security and processing of personal data held in the Department of Health and Social Security’s Benefit Payment System. The focus of the review was on policies, procedures, access controls, disclosures of personal data, together with staff awareness and training. An executive report has been produced for consideration by Tynwald Members and external publication via the Isle of Man Government’s web pages.The review found that while appropriate technical and organizational measures are being taken against unauthorized or unlawful processing of personal data with safeguards against accidental loss or destruction of personal data, minor improvements are required in some areas. The Treasury Minister whilst gaining assurance from the results of the review commented:“The Isle of Man Government cannot become complacent about ensuring the confidentiality of information. We recognise the development of the information communication strategy and the increased use of such technology to exchange sensitive data does present a greater risk for our business which in turn places a greater onus upon us all within the public service to act responsibly in promoting high standards in data security. We will also study the UK Cabinet Office Report published 25th June and keep abreast of best practice should we need to strengthen our policies further”.
The Manx Herald contacted the Positive Action Group, for a comment on this review, as data security is an issue of concern to members of the Group; and was a subject of discussion at one of their public meetings in January 2008.
A spokesman for the Group said: “When Her Majesty's Revenue and Customs lost the details of 25 million child benefit claimants the world woke up to the issue of personal data security. Our Treasury Minister's rather delayed report, into our own data security here in the Isle of Man is, therefore, most welcome. It seems that the worst thing the report uncovered was that some data, which had not been anonymised, was sent across to the UK via normal post. Hopefully this wake up call will preclude a repeat of this practice in all our interests! Ten recommendations for improved security have been made. The issue remains, however, of exactly what information is being sent to the UK and why it is being sent. PAG member and Peel Commissioner Rodger Gimbert, submitted a Petition on Tynwald Day which calls for a Select Committee to examine whether the data Government sends to the UK is strictly necessary. Hopefully MHK's will seize this opportunity to safeguard our personal data and keep it in the Isle of Man wherever possible!”
A copy of the report summary can be downloaded from the Government website.http://www.gov.im/lib/docs/treasury/news/datasecuritysummaryreport.pdf
Link: http://www.positiveactiongroup.org/html/previous_events.html
del.icio.us |
Digg
Email to a friend
Print version
Plain text
Post your comment