Justice minister urges overhaul of gov't data handling
Justice minister Michael Wills has called for a root-and-branch change in how the government handles citizen data.
Wills told the House of Lords Constitution Committee on Wednesday that government should treat data transactions in the same way as financial transactions.
"There is a clear need for radical change in government in how we handle data," said Wills. "We don't handle data in the same way as we handle money, and I think we should."
The minister spoke of the need for 'data minimisation' — that is, only holding as much data as is necessary to provide a service — and following other data-protection principles, such as only providing access to data for the purposes for the data was originally collected.
"I don't think anyone wants to see gigantic databases where anyone can go and search," said Wills. "I think the security implications of that are horrendous."
Government plans for increased data sharing, which the government claims will improve services to citizens, will not be possible if the public doesn't have confidence in government data handling, said Wills.
"There is unease about the spread of data [that] people are holding on you," Wills added. "Clearly this is an issue we are going to look at."
The justice minister's comments were made in light of a number of reports on government data losses published on Wednesday, including a review of the HMRC loss of 25 million child-benefit claimant details by PricewaterhouseCoopers chair Keiron Poynter, and a report into MoD data breaches by Sir Edmund Burton, chair of the Information Assurance Advisory Council.
Cabinet secretary Gus O'Donnell also published a review of information security in government on Wednesday.
According to O'Donnell, in response to the raft of public-sector data losses, a series of mandatory security measures are being put in place, including data encryption and compulsory penetration testing by independent contractors. All civil servants dealing with personal data are to undergo annual training, while the government will introduce 'privacy impact assessments' to projects, as recommended by the information commissioner.
"Recent data losses and thefts have underlined the need for urgent action to improve data protection right across government and to bring about a fundamental change in culture among those who are entrusted with the public's personal records," said O'Donnell.