<h2>Hi</h2>
Socitm works in partnership with LGA to produce data handling guidelines for local councils
18 Nov 2008 09:47 AM
The Society of IT Management (Socitm) has worked closely with the Local Government Association/ Welsh Local Government Association and central government on a new publication that shows councils the steps they need to be taking to keep safe and secure data collected from residents, businesses and other parties.
Local Government Data Handling Guidelines provides local authorities with an essential checklist of actions, highlights best practice in secure data handling, and sets the standard for local government around a topic that has been much in the news in recent months.
The guidelines set out fundamental steps that every council should take to lessen risks of personal information being lost or data protection systems failing, and include Socitm’s top 10 tips for data handling. They provide chief executives, senior managers and elected members with a vital aid in living up to their responsibilities and being accountable for proper handling of personal information.
The standards outlined in the guidelines are challenging, but necessary to build public confidence in the local government’s ability to protect personal data. The Society of Local Authority Chief Executives and Senior Mangers (SOLACE) and the Information Commissioner have both welcomed the publication.
Commenting on the guidance, Richard Steel, President of Socitm and CIO of the London Borough of Newham said:
“It's a long time since data security could be considered as something for just the IT department to worry about. It’s a concern that should run through the entire organisation. If local government is to meet the challenge of improving public trust it will be firstly by creating the right culture and secondly, by having the right policies and procedures in place to provide accountability and scrutiny.”
Jointly commenting on the guidance, Paul Coen, Chief Executive of the LGA and Steve Thomas, Chief Executive of the WLGA said:
“These new guidelines show how seriously local government takes the issue of secure data-handling, by ensuring standards in councils are equivalent to, or exceed, the best practice identified in these guidelines, the public can be reassured that all reasonable steps are taken to preserve and protect their information.
“A lot of excellent work has already been done but there is still more to do; the pace of technological development means councils always need to be aware of new risks and threats.”
Richard Thomas, Information Commissioner, said:
“I welcome these guidelines as a significant step towards ensuring the consistent, proportionate and secure use of personal information by government at all levels.
“They make an important contribution to the aim of the Information Commissioner’s Office, which is that all organisations should inspire trust by collecting and using personal information responsibly, securely and fairly.
“I believe that if councils effectively implement the steps set out in the guidelines, they will significantly reduce the risk of incidents and problems, and in doing so, help build the necessary public trust in the handling of personal information that recent and well publicized incidents can only have eroded.
In addition to working with the LGA on the data handling guidelines, Socitm is also advising and supporting DWP’s Government Connect programme that is implementing a variant of the Government Secure Intranet (GSI) to all local authorities in England and Wales. This will enable the secure transfer of local government data through government-controlled networks, avoiding situations where data is put at risk when devices like memory sticks, CDs and laptops are lost in transit.
Socitm will be working with the LGA/WLGA and IDeA to provide advice and guidance to local authorities in achieving compliance with the Data Handling Guidelines and the Government Connect Code of Connection. This programme will be funded by a £250k grant from Government Connect and additional resource from the LGA/WLGA and IDeA.
Further information about Socitm’s work in the area of information assurance can be found at
http://www.socitm.gov.uk/socitm/Transformation/Information+Assurance/default.htm
Press copies of the Data Handling Guidance Executive Summary can be obtained from the Socitm press office with the proviso that the information is under the same embargo as this press release – ie it may not be published before 00.01 18 November 2008.
Further information:
Vicky Sargent or Rob Adams,
Socitm Press Office
Tel: 07726 601 139 Email:
Vicky.Sargent@socitm.gov.uk
or
Rob.Adams@socitm.gov.uk
Notes to editors:
About the Data Handling Guidelines:
The Guidelines provide chief executives, senior managers and elected members with a guide and essential checklist to their responsibilities and accountability for secure and effective handling of personal information but recognises that councils are best placed to assess their own risk and put in the necessary safeguards which are often equivalent to, or exceed, those set out in this document.
The material in this document reflects good practice as set out in the ISO/IEC 27000 (Information Security Management System) series and is also aligned with Central Government Information Assurance policy , produced by CESG (the Communications and Electronic Services Group, part of GCHQ). It is not exhaustive and relies upon other initiatives, legislation and processes for completeness.
About the Local Government Association
The LGA is a cross-party organisation which represents more than 400 councils in England and Wales.
About Government Connect
Government Connect is an IT programme jointly funded by the Departments for Communities and Local Government, Children Schools and Families and Work and Pensions. The Objective of Government Connect is to implement a variant of the Government Secure Intranet (GSI) to all local authorities in England and Wales. The programme is governed by a board chaired by Janet Callender, Chief Executive of Tameside and represented by the three funding central Departments plus the Local Government Association, IDeA and Socitm.
Socitm’s Top 10 tips for Data Handling
1. Ensure you understand which legislation affects your business area.
2. Ensure a named individual in the business, not ICT, owns the risk.
3. Ensure there is an effective incident reporting mechanism in place.
4. Regularly monitor, measure, and audit your processes and procedures.
5. Establish a Corporate Information Governance group.
6. Ensure all staff are trained, updated and aware of their responsibilities.
7. Undertake regular risk reviews of all processes and procedures.
8. Ensure all key information assets are classified and are resilient.
9. Have robust risk driven processes in place for “ad hoc” situations.
10. Have documented policy-driven processes and procedures in place.