Page last updated at 13:52 GMT, Wednesday, 25 June 2008 14:52 UK

Tougher data rules for Whitehall

Computer
Sir Gus pledged a cultural change in data security

Tougher rules aimed at keeping people's personal records private are to be introduced in government departments.

Civil service chief Sir Gus O'Donnell said there had to be a "fundamental change in culture" among staff handling people's personal information.

Compulsory annual training and spot checks on data security are among changes outlined by a review.

It comes as a separate review says the loss of 25m people's data by HM Revenue and Customs was "entirely avoidable".

Announcing the results of a review into information handling by government departments, Sir Gus said much had already been done - but more had to be done to "restore public faith in the government's ability to handle personal information safely".

I believe the measures we are announcing today will ensure that the public can be assured we are taking the necessary measures to keep people's data secure
Sir Gus O'Donnell

That came under question after HMRC sent two discs containing the entire Child Benefit database to the National Audit Office unregistered and unencrypted last October - they have not been found.

It prompted fears that criminals could fraudulently use personal details on the discs, including addresses, bank accounts and National Insurance numbers.

Since then new guidelines have been issued on the handling of sensitive data, 90,000 staff at HMRC have been given extra security training and 20,000 Ministry of Defence laptops have been encrypted, Sir Gus said.

The new changes include new "mandatory minimum measures" across all departments - including encryption and compulsory testing of security systems by independent experts.

They also include "cultural change" - with annual training for everyone who handles personal data and privacy impact assessments - something recommended by the information commissioner.

There will also be stronger data security roles - so staff know who is responsible - and tighter scrutiny as departments' reports are checked by the National Audit Office and there will be spot checks by the information commissioner.

Sir Gus said: "Although no organisation, public or private, can ever guarantee that it will never make a mistake, I believe the measures we are announcing today will ensure that the public can be assured we are taking the necessary measures to keep people's data secure."




RELATED BBC LINKS

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific