freshidea - stock.adobe.com

People worried about data security in public sector, survey finds

Majority of people are concerned with the security of the data they share with public sector organisations, according to a report

UK citizens are worried public sector organisations don’t have strong enough security measures in place to keep their information safe, according to survey results.

The survey by IT supplier Probrand questioned 500 people and found that 49% of people are “wary” of sharing their information on public sector websites.  

The results, published in a report, highlighted the NHS, HM Revenue and Customs (HMRC), the Driver and Vehicle Licensing Agency (DVLA) and the police force as the organisations people are most worried about sharing their data with.  

As many as 87% of those surveyed said they were concerned with the security of personal information in the NHS.

Despite there being no proof that the WannaCry ransomware attack on the NHS in 2017 led to any patient data going astray, 34% said the cyber attack had made them increasingly worried about the data in their medical records being safely held.  

“People are most concerned about sharing their personal information with the NHS, with just 13% saying they harbour no concerns about this at all,” the report said.

Other public sector organisations aren’t faring much better, with 85% of those surveyed concerned about data security at HMRC, followed by 80% concerned with DVLA’s security and 78% “are anxious about the data held with the police force”, the report said.  

People are also wary of sharing information with local councils, with 49% saying they are either “very concerned” or “moderately concerned” about sharing their information on their websites.

When it comes to the private sector though, people are less worried. Only 40% of people however were concerned with doing the same on private sector websites.

Read more about GDPR

The report said that some of the worries could be “eased” by the EU General Data Protection Regulation (GDPR) coming into force later this year. 

After 25 May 2018, organisations that fail to comply with the GDPR could face fines of up to €20m or 4% of global annual turnover, whichever is greater. As part of the new regulation, any data loss or security breach must be reported promptly to the Information Commissioner’s Office.  

“Organisations will also be unable to collection information unknowingly, with opt-in boxes and disclaimers needing to be clearly displayed and positive consent needed before data is collected and processed,” the report said.

Read more on Hackers and cybercrime prevention