We recently seen a Freedom of Information (FOI) request on the site WhatDoTheyKnow which asked Fife Council what security measures they have in place (or intend to put in place) to prevent data either being lost or malicious programs extracting personal information. The reply the person received was a list of security guidelines that all Fife Council employees have to abide by.
Unfortunately, the guidelines weren’t made available, as the person making the FOI request, didn’t ask for the documentation as well. We decided to take the FOI request further and submit our own request, asking for the following documentation;
- Information Security Policy
- Data Protection Policy
- Password Management Policy
- Information Security Incident Management Policy
- Protective Marking Policy
- E-mail, Phone & Internet Guidelines
- Mobile Electronic Computing Devices & Removable Storage Media Policy
We also asked the following questions;
- How many data losses were Fife Council responsible for during the year 2010?
- How many data losses were Fife Council responsible for during the year 2011 (from Jan 1st to 2nd of May)?
- Has Fife Council ever been reported to the Information Commissioner for loss of data, or any other breaches to the Data Protection Act?
Please provide details of the loss/breach.
- How many complaints has Fife Council received from individuals for the loss of their personal data in the year 2010?
- How many complaints has Fife Council received from individuals for the loss of their personal data in the year 2011 (from Jan 1st to 2nd of May)?
When we received a reply to our FOI request, we were quite surprised with the results. We were expecting Fife Council to be one of the many local authorities to have lost massive personal data, as public authorities/organisations have a bad track record of keeping personal data secure, as reported by various media outlets.
While no data loss is acceptable, the fact that Fife Council has only had 4 data losses, within a yearly period, is a really good sign that Fife Council takes their security seriously when protecting user data. Especially when you take into consideration the fact that Fife has a population of just under 360,000.
We also had a look at the policies we were provided through the FOI request, which you can access or download at: WhatDoTheyKnow.
The documents are very in-depth, but show forward thinking, when it comes to protecting user data, and also how staff should deal with keeping personal data secure through best practise guides for staff passwords, limiting usage of mobile technologies, and restricting access to the internet on certain systems, etc.
While we can be critical of Fife Council on certain issues, data privacy and system security, is an area where Fife Council seem to be progressing in a positive manner.