E-mail and messaging apps.
[tta_listen_btn]
The UK’s impartial authority set as much as uphold data rights within the public curiosity, selling openness by public our bodies and information privateness for people.
The Data Commissioner’s Workplace – ICO – has at present known as for a authorities assessment into the systemic dangers and areas for enchancment round using personal correspondence channels – together with personal e-mail, WhatsApp and different related messaging apps.
The ICO report – Behind the screens – sustaining authorities transparency and information safety within the age of messaging apps – particulars a yearlong investigation, launched in 2021 by Commissioner Elizabeth Denham, into using these channels by Ministers and officers on the Division of Well being and Social Care (DHSC) in the course of the pandemic.
The investigation discovered that the dearth of clear controls and the fast improve in using messaging apps and applied sciences – akin to WhatsApp – had the potential to result in essential data across the authorities’s response to the pandemic being misplaced or insecurely dealt with.
An instance of this included some protectively marked data being positioned in non-corporate or personal accounts exterior of DHSC’s official programs. This data, which had been saved on exterior servers, reveals an oversight within the consideration of storage and retention of this data and the related dangers this might convey.
The ICO concluded that there have been actual dangers to transparency and accountability inside authorities and has now known as for a assessment of practices in addition to motion to be taken to make sure enhancements are made in relation to how officers and Ministers use personal correspondence channels shifting ahead.
John Edwards, UK Data Commissioner, stated:
“I perceive the worth of prompt communication that one thing like WhatsApp can convey, notably in the course of the pandemic the place officers had been pressured to make fast choices and work to fulfill various calls for.
Nevertheless, the worth of utilizing these strategies, though not towards the legislation, should not end in a scarcity of transparency and insufficient information safety.
“Public officers ought to be capable of present their workings, for each report protecting functions and to keep up public confidence. That’s how belief in these choices is secured and classes are learnt for the longer term.
“The broader level is ensuring the Freedom of Data Act retains working to make sure public authorities stay accountable to the individuals they serve. Understanding the altering function of expertise is a part of that image.
I’ll be setting out extra particulars on how my workplace will strategy FOI otherwise later this week after I launch ICO25 – the ICO’s new three-year plan.”
Key findings from the ICO investigation included that:
The ICO has now issued DHSC with a apply suggestion (included within the report) ordering the division to enhance its administration of FOI requests and handle inconsistencies in its present FOI steerage. This may guarantee FOI requests are higher managed, notably in relation to any materials created or contained in private accounts.
A reprimand has additionally been issued underneath the UK Basic Information Safety Regulation (UKGDPR), requiring DHSC to enhance its processes and procedures across the dealing with of non-public data by personal correspondence channels and guarantee data is stored safe.
We have now additionally issued a set of suggestions to additional help this.
To ensure wider classes are learnt, the ICO can also be calling for the federal government to arrange a separate assessment into using these channels and the way the advantages of latest applied sciences.
Together with personal messaging companies, will be realised while making certain information safety and transparency necessities are met. This may assist handle the numerous inconsistencies in strategy that look like happening throughout authorities and assist be sure that dangers are higher managed.
The ICO additionally welcomes the choice of the UK COVID-19 Inquiry, chaired by Baroness Hallett, to just accept the ICO’s suggestion to contemplate how data was recorded by the federal government in the course of the pandemic particularly. This may additional guarantee classes are learnt for the longer term.
The ICO has beforehand revealed steerage on how the FOI Act applies to official data held on personal correspondence channels. The steerage explains that any official enterprise ought to be performed by company communication channels, akin to departmental e-mail accounts, wherever doable and that official data exchanged by personal channels ought to be transferred onto official programs as quickly as doable.
Learn the complete report on our web site.
Notes to Editors
The UK’s impartial authority set as much as uphold data rights within the public curiosity, selling openness by public our bodies and information privateness for people.
The UK’s impartial authority set as much as uphold data rights within the public curiosity, selling openness by public our bodies and information privateness for people.
The Data Commissioner’s Workplace – ICO – has at present known as for a authorities assessment into the systemic dangers and areas for enchancment round using personal correspondence channels – together with personal e-mail, WhatsApp and different related messaging apps.
The ICO report – Behind the screens – sustaining authorities transparency and information safety within the age of messaging apps – particulars a yearlong investigation, launched in 2021 by Commissioner Elizabeth Denham, into using these channels by Ministers and officers on the Division of Well being and Social Care (DHSC) in the course of the pandemic.
The investigation discovered that the dearth of clear controls and the fast improve in using messaging apps and applied sciences – akin to WhatsApp – had the potential to result in essential data across the authorities’s response to the pandemic being misplaced or insecurely dealt with.
An instance of this included some protectively marked data being positioned in non-corporate or personal accounts exterior of DHSC’s official programs. This data, which had been saved on exterior servers, reveals an oversight within the consideration of storage and retention of this data and the related dangers this might convey.
The ICO concluded that there have been actual dangers to transparency and accountability inside authorities and has now known as for a assessment of practices in addition to motion to be taken to make sure enhancements are made in relation to how officers and Ministers use personal correspondence channels shifting ahead.
John Edwards, UK Data Commissioner, stated:
“I perceive the worth of prompt communication that one thing like WhatsApp can convey, notably in the course of the pandemic the place officers had been pressured to make fast choices and work to fulfill various calls for.
Nevertheless, the worth of utilizing these strategies, though not towards the legislation, should not end in a scarcity of transparency and insufficient information safety.
“Public officers ought to be capable of present their workings, for each report protecting functions and to keep up public confidence. That’s how belief in these choices is secured and classes are learnt for the longer term.
“The broader level is ensuring the Freedom of Data Act retains working to make sure public authorities stay accountable to the individuals they serve.
Understanding the altering function of expertise is a part of that image. I’ll be setting out extra particulars on how my workplace will strategy FOI otherwise later this week after I launch ICO25 – the ICO’s new three-year plan.”
Key findings from the ICO investigation included that:
The ICO has now issued DHSC with a apply suggestion (included within the report) ordering the division to enhance its administration of FOI requests and handle inconsistencies in its present FOI steerage. This may guarantee FOI requests are higher managed, notably in relation to any materials created or contained in private accounts.
A reprimand has additionally been issued underneath the UK Basic Information Safety Regulation (UKGDPR), requiring DHSC to enhance its processes and procedures across the dealing with of non-public data by personal correspondence channels and guarantee data is stored safe. We have now additionally issued a set of suggestions to additional help this.
To ensure wider classes are learnt, the ICO can also be calling for the federal government to arrange a separate assessment into using these channels and the way the advantages of latest applied sciences, together with personal messaging companies, will be realised while making certain information safety and transparency necessities are met.
This may assist handle the numerous inconsistencies in strategy that look like happening throughout authorities and assist be sure that dangers are higher managed.
The ICO additionally welcomes the choice of the UK COVID-19 Inquiry, chaired by Baroness Hallett, to just accept the ICO’s suggestion to contemplate how data was recorded by the federal government in the course of the pandemic particularly. This may additional guarantee classes are learnt for the longer term.
The ICO has beforehand revealed steerage on how the FOI Act applies to official data held on personal correspondence channels. The steerage explains that any official enterprise ought to be performed by company communication channels, akin to departmental e-mail accounts, wherever doable and that official data exchanged by personal channels ought to be transferred onto official programs as quickly as doable.
Learn the complete report on our web site.
Notes to Editors
The UK’s impartial authority set as much as uphold data rights within the public curiosity, selling openness by public our bodies and information privateness for people.