Open Data on the March

The Government’s new Localism Bill, which calls for more raw data from local government to be released into the public domain, looks set to push the open government agenda further up the priority list and reinforces the outcomes of the 2008 Power of Information Review.

Clearly the concept of freedom of information is laudable and there are already small pockets of great practice springing up all over the UK – Warwickshire County Council’s competitive approach, for example, has yielded some fantastic applications that use raw and previously un-utilised data to provide useful citizen-facing applications at very little or no cost. The Royal Borough of Windsor and Maidenhead is another example where the authority has published its entire accounts here giving complete transparency to local citizens. Next year, councils will be required to publish every item of expenditure over £500, so these authorities are getting ahead of the curve.

However, there is a real danger that, without a careful and very deliberate strategy governing the data held by Public Bodies, this drive from the top down to release whole rafts of data could significantly increase the risk of accidental data loss. Opening up some data in this way to the public pushes all the data held by an organisation much closer to the boundaries of its network. Public bodies everywhere must therefore take extreme care when defining what information they actually can release and then put strict controls around the data that needs to remain confidential.

This requires the usual three-pronged approach: process + technology + user education, with each of these elements having equal importance. As a minimum, any data that cannot be released outside of the organisation should be encrypted in the event of either an accidental or a deliberate breach, both at the endpoint and the email gateway, and policies should be put in place governing what information can and cannot be released. Additionally, it makes sense to consider DLP (Data Loss/Leak Prevention) technology to prevent accidental release. Some organisations already have this kind of protection in place but it becomes crucial in the light of the recent data recommendations in the Localism Bill.

More of the same please everyone, but do please be careful with my data…

Advertisements

About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I
This entry was posted in Legal, Security, Sophos. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s