A dispute has broken out surrounding the cost of obligatory security measures which are being rolled out across various governmental departments.
After HM Revenue and Customs lost the personal details of over 25 million people in 2007, new plans were drawn up by Sir Gus O’Donnel to prevent future data loss occurring. However, the cost of the improved security was to be passed onto the IT suppliers that service various governmental departments.
The Data Handling Review (DHR) led by Sir Gus outlined the minimum level of security that would be required to prevent future data loss. It has been 18 months since the measures were approved for implementation, but the cost of the improvements has become a sticking point, bringing the process to a standstill.
The main issue is that the government signed contracts with a majority of its IT suppliers before the new reforms were introduced and changing their original agreements has proved to be extremely difficult.
A spokesperson for Intellect, the representative body for IT suppliers, said that they were currently seeking a solution which did not place unnecessary financial strain onto the suppliers as a result of a change in contract.
Other industry experts are calling for the government to pay for the service improvements, claiming that the current levels of service that the government receives are exactly as stipulated in the original agreements. Implementing the changes, which would require significantly enhancing data security during transport and the accreditation of those handling data for governmental departments, is believed to be impossible without adequate compensation for the suppliers.
The revelations concerning the proposed but as yet unimplemented data security guidelines have been made public as the first annual report on the progress of the Data Handling Review is due to be published. It is likely that the report will outline how internal systems within government have improved whilst ignoring the performance of IT suppliers operating on pre-DHR contracts.
Experts believe that the government will be unable to alter the terms of existing contracts as doing so could be seen as facilitating the off-loading of blame in the event of further data loss. The government and the data security industry that supplies it with protection appear to be deadlocked over costs for the time being.
