|
09 September 2009 COMPTROLLER & AUDITOR GENERAL ISSUES REPORT ON DATA SECURITY WITHIN THE STATES OF JERSEYThe Comptroller & Auditor General, Chris Swinson OBE, has today (09 September 2009) issued a report regarding data security within the States of Jersey. The review, which considers States-wide arrangements and practices, examines not only the security of data held in electronic media, but also the physical security of information held on paper. It also examines practices within certain central units, such as the Information Services Department, Human Resources Department and Jersey Property Holdings; and provides more detailed reviews of practices within individual departments, including Income Tax, Health and Social Services, Housing, Judicial Greffe, Social Security, and Education Sport and Culture. Alleged failures by the UK Government to safeguards its own and citizens’ information have led to widespread public concern, resulting in a series of enquiries and wide ranging actions led by the Cabinet Office to improve data security in the UK Government. Albeit there has, to date, not been such a parallel within the Island, the Comptroller & Auditor General highlights the need for a review of this nature, as the significance of data security is equally important within the Island’s Government. In his report Mr Swinson explains the very real risks associated with misplacing data and highlights the importance of data security as a foundation of effective government administration and service to its citizens and that, without it, the States may well be at risk from a similar data security failure. His findings highlight some good practice within certain departments, but also a lack of consistency of policies, and widespread variations in practice across the States. He attributes this to the organisational arrangements for managing the States’ network and safeguarding data security, and says that proper security policies and practices must be implemented throughout the States, without significant variation, and be the clear responsibility of an officer with a States-wide remit, such as the Chief Information Officer. He recommends the steps which need to be taken to ensure effective risk assessments and policies, departmental compliance and ongoing monitoring. Whilst recognising that it will not be possible to eliminate all possibility of data security failures, Mr Swinson reinforces that all reasonable steps must be taken by the States to eliminate security failures, so that any breaches which may occur, do not result from the States’ inaction and inconsistency. ENDS For further information, please contact: |
 |
||||||||||||||||||
|
||||||||||||||||||
|
