• Government data security heavily criticised by NAO report

    Education data security 'needs layered approach' Education data security 'needs layered approach' Education data security 'needs layered approach'

    The National Audit Office has strongly criticised the UK government's approach to data security.

    The National Audit Office has strongly criticised the UK government's approach to data security.

    The National Audit Office has strongly criticised the UK government's approach to data security.

    • The effectiveness of the government's approach to digital security has been heavily criticised in a report from the National Audit Office (NAO).

      One of the biggest problems identified by the study is that there are too many bodies and departments with overlapping responsibilities in this area, which creates confusion about where government organisations should turn to for advice.

      It noted that as of April 2016, there were at least 12 separate teams within the centre of government with a role in protecting information, many of which publish their own guidance. Overall, it identified 73 teams that handle security across central government departments, consisting of around 1,600 employees.

      However, the NAO noted that "none of the departments we interviewed understood the specific roles of the various bodies involved, making it difficult to identify any single arbiter of standards or guidance".

      In particular, the Cabinet Office came in for criticism for failing to establish clear leadership when it comes to data security. The department does not currently provide a single set of standards for departments to follow, and does not collate or act upon those weaknesses it identifies.

      What's more, the reporting of data breaches is often chaotic, with it being very difficult to make meaningful comparisons between departments due to the different systems each body uses for reporting.

      While the Cabinet Office has made some efforts to calculate the cost to government of data breaches, it's thought that the actual costs are "several times higher" than the figure of £300 million a year that it came up with.

      Head of the NAO Amyas Morse said that protecting information while introducing the new technology necessary to support public services is proving to be an increasingly complex challenge.

      "To achieve this, the Cabinet Office, departments and the wider public sector need a new approach, in which the centre of government provides clear principles and guidance and departments increase their capacity to make informed decisions about the risks involved," he said.