Public sector way behind private on data protection, says ICO
Reports suggest organisations should take part in compulsory audits
There are concerns about data protection compliance in the public sector, while private organisations are leading the way. That's according to a series of reports by the Information Commissioner's Office (ICO).
The findings have been released across four reports that summarise the outcomes of over 60 ICO audits carried out in the private, NHS, local and central government sectors.
"The private-sector organisations we have audited so far should be commended for their positive approach to looking after people's data. However, this does not mean that businesses in the UK should rest on their laurels," said Louise Byers, head of good practice at the ICO.
"We are still seeing relatively few companies agree to an ICO audit and further improvements can be made, particularly when it comes to the retention and deletion of data," she added.
Only one in 15 organisations in the health service that were audited and only one in 19 in local government provided a high level of assurance to the ICO. Just two out of 11 government departments that the ICO examined achieved the highest level of assurance.
"While the NHS and central government departments we've audited generally have good information governance and training practices in place, they need to do more to keep people's data secure. Local government authorities also need to improve how they record where personal information is held and who has access to it," said Byers.
She suggested public-sector organisations should be requested to take part in compulsory audits by the ICO.
"Organisations in these areas will be handling sensitive information, often relating to the care of vulnerable people. It is important that we have the powers available to us to help these sectors improve," Byers added.
The audits were carried out between February 2010 and July 2012.