“The legislation in UK that covers data protection is known as Data Protection Act 19981. This legislation is a UK way of complying with European directive on Data Protection, 95/46/EC2. In simple terms Data Protection can be defined as handling of information regarding individuals with due respect2.
This legislation has 8 principles dealing with various concepts of data protection. It is important to realize that introduction of E-Government that in turn led to the design and implementation of Knowledge Management in Government has ensured taking up a number of IT-security features for the safeguard of data and also for the safe flow of information across various departments of UK government. Not only data protection Act 1998 itself but also the design and implementation of e-Government, Online one stop and k-Government has resulted in enhancing the level of data protection in UK. In terms of Data Protection Act 1998, the principle 7 of the Act covers the security features that are required by this legislation to ensure safe processing of data3. These features include:
- Carrying out Risk assessment to determine the necessary security features.
- limited access to buildings and offices,
- securing files in locked cabinets,
- Making sure access to computer has user verification systems in place including password access to IT systems and files.
- introducing effective recovery systems by ensuring periodically backing up files and having disaster recovery procedures to recover accidental loss of data on computer systems
- Following safe data discarding practices
Following the security practices and timely reporting of any data breaches can help guarantee data security.
In June 2008 a data handling review (DHR)4 was carried that recommended practices and measures that should be in place in Government to ensure safety of personal data across different governmental levels. Consequently In 2010 the Cabinet Office issued a document titled: Protecting Information in Government, dealing with emerging risks associated with increasing use of IT in provision of public services by assessing the impact of the recommendations made by the DHR. According to this report a great deal of progress has been made by Government in making sure the safe handling of personal data. The security of data entrusted by the public or individuals to the government can be increased by implementing following features:
- Introducing a cultural change in the way that we value and manage personal data is important. This involves managing of personal data by properly training the public sector staff and implementing the strict processes for data handling. As a result about 450,000 civil servants have been trained to increase their data security awareness since the release of DHR5.
- Introducing tightened monitoring and compliance regimes ensured losses and near miss are consistently documented and reported.
- Managing departmental risk information policy at strategic level to increase Data Protection accountability.
- Integrating information security into the core responsibilities of the existing job roles.
- Increasing number of Information Asset Owners in Government with the task to warranty safe information handling at business level.
Use of Right Technology
- Ensuring right technology is used to safeguard information and this included encryption of laptops and other mobile devices and use of Penetration Testing by independent experts. Accordingly more than 100,000 devices have been encrypted.
Enhancing the procedure for risk management- UK government has taken a number of steps to enhance risk management which in turn ensures data protection. Some of the steps taken by Government and the Information Commissioner’s Office (ICO) include making the role of Senior Information Risk Owner compulsory at board level, encouraging utilization of Privacy Impact Assessments (PIAs) on new plans by providing guidance and workshops, increasing accountability and risk ownership by incorporating Information risk in the role of accounting Officers, ensuring supplier’s to Government follow practices that ensure secure management of Information risk such as use of a supplier’s self assessment tool, (e.g. Helping Assess Data Risk & Information Assurance Nationally designed by Home Office) to decrease the risk of loss of important data in the supply chain5.
Ministry of Justice has started the process for improving Criminal Justice and Immigration Act 2008 by raising the penalties for violating Data Protection Act5.
A lot of work has been done to ensure data protection. However it is not possible to eliminate all possible risks and there are still some grey areas. Therefore it will not be very unrealistic to assume that one’s data is pretty much safe in UK Government.” – Auj-E Taqaddas – London, United Kingdom
Data Protection Act 1998 Available at:
Woulds J; (2004) ‘A Practical Guide to Data Protection Act, Constitution Unit,
Guide to Data Protection, Information Commissioner’s Office
Accessed by 18/02/2014
Data Handling Review (2008), Cabinet Office
Protecting Information in Government (2010) Cabinet Office.