The real issue underlying the loss of personal data relating to 7 million families by HM Revenue and Customs in one of trust claims an EU think tank. A key finding of a paper from ECOTEC, funded by the EU Commission, is that the issue of trust in public authorities and technology systems is a major challenge for governments across Europe.
The statement by the Chancellor, Alastair Darling, that there was nothing wrong with the HM Revenue & Customs’ system to protect private information, because it was a case of the existing procedures not being properly followed, further undermined trust. Allowing a young, junior official, to take decisions about data privacy indicates that it is an issue that is not taken very seriously. This view was later confirmed by an allegation that senior managers in Revenue and Customs decided earlier in the year that it was too complicated and expensive to edit out sensitive items from the child benefit records, such as bank account details, before sending the data to the National Audit Office. If the allegation is proved true it will be a devastating blow to trust, because it will show that in taking decisions about risk, senior management places a higher value on staff time and expense than it does on protecting the privacy of citizens.
The ECITEC report makes it clear that governments must engender trust either through the use of an encryption code, the ‘perception’ of a secure system, or in the reputation of an authority. But risk remains and it is essential to invest financial and intellectual resources to minimise the risk.
Trust, security and identity are the key themes at the heart of the paper, which argues that governments can and should get the technology of trust right. Security is no longer deemed to be a technology issue. Instead, the paper argues that governments must understand that trust is a relationship, and building trust means achieving a balance between these concerns. Trust enables security and security enables trust; the requirements of each must be met.
The paper also argues that a clear ‘pact’ is required to between citizens and governments concerning the use of citizens’ data to establish a clear basis for trust and promote a willingness to adopt electronic mechanisms. The successful implementation of ID cards will require such a pact.
The announcement by the Prime Minister that the Information Commissioner’s powers of scrutiny are to be extended to allow unannounced audits of information security across Government departments is the first move along the road to rebuilding badly damaged trust.