Civil servants handling personal information will have to undergo annual training as part of a range of measures to prevent a repeat of data loss scandal that hit HM Revenue & Customs (HMRC) last year.
Cabinet secretary Gus O’Donnell published a review of information security in government, setting up a new framework designed to improve the rules, culture, accountability and scrutiny of data handling.
The review was commissioned by prime minister Gordon Brown in November 2007 following the loss of two HMRC computer discs containing child benefit data relating to 25 million people.
The changes include minimum encryption measures, IT systems testing, data security roles within departments standardised to ensure clear lines of responsibility, and data spot checks by the Information Commissioner. About 90,000 employees at HMRC are already being given additional security training.
O’Donnell said: “Recent data losses and thefts have underlined the need for urgent action to improve data protection right across government and to bring about a fundamental change in culture among those who are entrusted with the public’s personal records.
“Although no organisation, public or private, can ever guarantee that it will never make a mistake, I believe the measures we are announcing today will ensure that the public can be assured we are taking the necessary measures to keep people’s data secure.”
The Cabinet Office review took place alongside two independent inquiries – the Poynter Review looking at the circumstances of the HMRC loss and the Burton Review of the loss of Ministry of Defence laptops earlier this year.
A separate report by the Independent Police Complaints Commission, said data security processes at HMRC were “woefully inadequate” while few members of staff appreciated the highly sensitive nature of the information contained on the missing discs.