The relationship between private companies and local governments can be viewed as a business arrangement: Businesses provide private information to the government with the expectation that the data will be kept secure while in their custody. This is a seemingly fair agreement, but government agencies frequently fail to uphold their end of the bargain by employing staff with little to no training in preventing security breaches.
A study conducted by Big Brother Watch found that between 2011 and 2014, local authorities were responsible for 4,236 data security breaches. This implies a disturbingly drastic increase in the number of security failures, as local governments were found responsible for only 1,035 breaches between 2008 and 2011.
The source of this problem is not only that governments are negligent, but that this misconduct seems almost encouraged. Local authorities are failing to hire reliable and competent employees to work with sensitive information, and this negligence is directly responsible for countless data security breaches every year. To see how widespread this issue is, all you have to do is look at the numbers.
A sample of 400 different data losses and thefts revealed that 197 of these, almost 50 percent, involved cell phones, tablets and computers. This means that data is being lost and stolen from the most popular systems for everyday citizens and businesses.
In another sample, there were 600 cases where workers shared classified information with untrustworthy people and the information was subsequently stolen. Despite these staggering numbers, in 1,000 cases only one person faced criminal punishment and a mere 50 were dismissed from their jobs.
These numbers suggest that not only does local government fail to protect information, but that they are unrepentant of these numerous failures. How is it possible for local governments to allow these security breaches when private information is entrusted to them?
The Acceptance of Security Failings
According to the Data Protection Act (DPA), when local governments collect private information it must be done for “legitimate purposes” and while it is in their custody, that information must not cause harm to the people or businesses it was collected from. Why, then, have there been thousands of data security breaches in only three years?
In a word: incompetence. The vast majority of security breaches have been the result of shameless negligence. For example, in the town of Havering, information was lost or stolen due to misplaced phones and iPads, emails sent to the wrong people and private records being made freely available to the public. In each of these cases, despite how easily they could have been avoided, not a single person faced any kind of disciplinary action for these breaches.
In the interest of fairness, consider both sides of these numbers. Certainly some of these breaches resulted in disciplinary action. While not all of these incidents went without punishment, only 32 percent resulted in any type of penalty. Of these cases, only 2.1 percent culminated in resignation or formal dismissal. This means that in 4,236 security breaches, only 89 of the people responsible ended up losing their jobs.
When government workers are allowed to continue working after such grievous failings, it sends a message that these security malfunctions are acceptable. With this mentality, it’s no wonder that the rate of security breaches has more than doubled in the past four years alone. If this horrifying trend is to be reversed, it will require drastic and meaningful changes in the way that disciplinary actions are assigned.
The Need for Harsher Punishments
The vast majority of these cyber security breaches are due to human error. While human error is impossible to eradicate completely, it can be significantly reduced through proper training. Of course, this training will not be implemented until local governments and their employees see a clear need to improve their performance. When workers are allowed to cause disastrous data breaches without penalty, however, why would they want to undergo additional training?
Thus, the cycle of unsecured information will continue until those who allow data leaks are appropriately punished. Local governments take more information from private businesses and citizens each year, so why are they allowed to continue treating this sensitive data so carelessly?
A reformation to the current system of non-punishment would ensure that when local authorities take information, they properly secure and protect it. Until that day comes, however, additional security measures will be essential to keeping your business’ sensitive data from being lost or stolen.
Trust Reputable Protection
It is clear that local authorities cannot be trusted as the sole protectors of sensitive information. If your organization entrusted its private information to a government agency, then that data would be at significant risk to be stolen during a security breach. To add insult to injury, the government employees who caused the breach would likely receive no punishment and continue to work with your sensitive information in the future.
If this sounds like a nightmare scenario to you, then don’t allow it to happen. By investing in additional security measures, you can ensure that even the most negligent of government workers can’t put your business at risk.
By entrusting a proven solution like ClaraWipe for your cyber security, you will no longer have to live in fear of an untrained staff member inadvertently leaking your most private data. ClaraWipe is able to completely delete sensitive information from any hardware and guarantees that you will never need to worry about whether or not a misplaced laptop will ruin your business’ cyber security.