News & Views
Egress comments on Data Sharing
“The Data Standards Authority (DSA) setting new ‘metadata’ standards to improve data sharing and security across government is fantastic news. These new standards are a great first step in ensuring that government information is better managed, and that there is a set of consistent and common standards across government that follow data protection rules and the data ethics framework,” comments Tony Pepper, CEO, Egress (www.egress.com).
“This increased regulation couldn’t have been any better timed. With the acceleration of digital transformation in the public sector brought about by the COVID-19 pandemic and with digital processes now becoming the default as government employees work from home, there is no doubt that the expanding digital footprint of public services will increase the amount of personal data residing in public sector systems and handled by government employees.”
Figures published earlier this year by the ICO showed that central and local government organizations accounted for 12% of all reported personal data breaches in the second half of 2019; 92% of these were classed as “non-cyber incidents” attributed to human error or theft. So, whilst these standards do signal a move in the right direction for government, individual departments and bodies need to ensure they have the right tools in place to ensure data is protected when it needs to be shared.
“It’s simply not possible for government IT leaders to “fix” most of the root causes of breaches,” continues Pepper. “People will always get tired, stressed and rushed, given the pace at which organizations must operate, and even in “perfect” conditions, they’ll still make mistakes. Sadly, the gift of more time and resources is beyond the capability of security teams to deliver. Similarly, IT leaders cannot be the moral guardians against worker dishonesty. These are all human, not technological, failings and that is why I believe that a specifically human layer security (www.egress.com/solutions/technology/human-layer-security) programme is the only effective answer to mitigating insider breach risk.”
“Human layer security identifies the risk points in employees working processes and ensures that there is a safety net to support them when they are vulnerable to tiredness, rushing and stress, preventing them from making mistakes. It also acts to put a brake on employees who might be more reckless or dishonest with sensitive government data, protecting it against malicious leaks. Whilst the new DSA standards are great, we still have more work to do,” comments Pepper.