- Pricing and telematics lead the charge as insurtech patents jump 40pc
- FCA puts general insurance pricing practices under review
- Volvo and Baidu reach agreement to produce autonomous vehicles
- Cyber and D&O exposures increasingly intertwined, Airmic report finds
- Arch selects Touchstone for cat risk modelling
VIEW: On the sensitive nature of data handling in the public sector
Written by Peter Andrews, company secretary, Alarm
Public service organisations are totally reliant on the effective handling of information from which to design, implement and deliver effective policies and services. Data security breaches represent a significant risk for all organisations and those in the public sector are no exception. There has rightly been an emphasis on potential for risk to public sector organisations’ IT infrastructure from cyber criminals and terrorists.
However, cyber risk is only part of a wider information risk environment. The weakest part of IT security is all too frequently the human element. In addition, much of the information used by public service organisations is still in paper form.
The information that local councils hold on individuals is often of a sensitive nature, for example in connection with education, the provision of social care and now public health. In addition, the environment that public services are operating in is changing rapidly, with an increased use of digital technology. This places a challenge on public service organisations to ensure that the information they hold on individuals is used legally and proportionately and that the public, as the customer is kept well informed. Above all, that the risks arising from these changes are fully understood and appropriately managed.
Public service organisations are increasing the sophistication of their governance arrangements around information, and the risk manager has a vital role to play in facilitating robust management of information risk that assists the management of information within safe, secure and legal boundaries.
In response to this increasing focus on the risk manager’s role in facilitating effective information risk arrangements, Alarm is working on a guidance document on information risk in the public sector, which will be available in the summer of 2015.
It is clear that the management of risk is ever changing and thus, creating a resilient future is Alarm’s focus for this year’s National Educational Forum, being held in June at Aston University, Birmingham.