Someone attending this week’s London Information Rights Forum made an interesting observation about data leaks in public authorities. The real issue, he proposed, was not that public authorities were bad at handling personal data. Actually, the real issue was that, compared with the private sector, local authorities were really good at reporting data breaches.
There was general murmuring in agreement.
I thought about this when reading Dawn Monaghan’s excellent blog on the ICO’s website. In her view:
“The breaches reported to us are preventable and it is up to councils to make sure they are stopping them before a serious breach occurs. Failure to do so not only leaves a council in line for a potential fine of up to £500,000, but also shows that they have failed to play their part in breaking a damaging cycle of data protection failings within the local government sector.”
But what else could be done to break this damaging cycle of data protection failings?
Perhaps the ICO should refocus its enforcement attention away from council officials and towards the elected officials, under whose supervision these breaches have occurred. Why have they failed in their duty to ensure either that appropriate systems were in place to ensure good data handling standards? Was it, perhaps, because they had failed in their duty to ensure that adequate resources were actually available in the first place to promote and facilitate good handling standards?
Is does strike me as ironic how, when things go wrong, it’s always the public servants, rather than the elected officials, who shoulder the blame.
But given the ever changing services that public bodies are expected to provide, and the increasingly limited funds available to public sector officials for them to do it, is it any wonder that decisions are taken to prioritise resources in directions other than data protection?
It may be a familiar refrain, but I don’t think it’s any less relevant – surely politicians need to recognise that good data protection standards (and fundamental rights) come with a price tag attached. And you can only squeeze budgets so much before people of good faith get close to breaking point. No decent professional sets put to do a bad job. But, these days, so many seem to be not waving but drowning.
In some areas, I suspect the breaking point is upon us. When I hear public servants involved with data protection privately confide that they don’t expect to get another pay rise in their lifetime, I wonder whether their heart is really in this game.
And how might they respond?
Perhaps by continuing to point out the data protection failings in their own organisations, in the hope that, at some stage, someone will conjure up the resources required to fix the problem as easily as you can whip rabbits out of a hat.
Where are you, Paul Daniels, when your country needs you?