The government has the opportunity to redeem itself by adopting standards that can be upheld as a role model for data governance.


John Colley, managing director, EMEA, of (ISC)2, claimed that by tackling human challenges the government can clarify public perceptions on security.
He claimed that the government will have to address the common misconception that password protection provides encryption. It should also encourage the individuals handling data to be motivated to become responsible for their own benefit, by ensuring employees understand how risks apply to their role and can anticipate them as they get on with their daily tasks.


Following the Information Commissioner's Office finding the Home Office to be in breach of the Data Protection Act after losing the details of people serving custodial sentences and previously convicted of criminal offences, Colley claimed that the biggest challenge is not in the assessment and procurement of encryption technologies, it is in ensuring that all involved understand what has to be done.


Colley said: “Personally, I believe the biggest challenge will come from the users of the information, how well they are made aware of controls that are in place, and how well they are positioned to respect them.


“There has almost been a grace period, perhaps prompted by the Information Commissioner's new power to investigate government departments, where all and sundry want to tell the world about data that has been lost, sometimes in the fairly distant past.


“Policies and technology have little hope of counteracting employees who are motivated to get around the rules, particularly if those employees think they are justified by achievement.”