Archive for January, 2008

The ICO needs to act

Tuesday, January 22nd, 2008

The private sector needs to take data privacy more seriously if it is to stop the Information Commissioner’s Office getting the power to audit their information security systems without warning. According to ComputerWeekly, this is the warning from James Alexander, technology security partner at management consulting firm Deloitte.

His comments followed Deloitte’s finding that only 54% of technology, media and telecommunications (TMT) firms will tell customers if their data privacy is breached.

Well, I take the contrary view here. What we NEED is for the ICO to take some action, because the voluntary approach doesn’t work – just look at how organizations in both the private and public sectors are dragging their feet over PCI DSS compliance! The privacy of individual data requires more stick.

As ample proof, one need only look to the latest cases of lost MoD laptops and Carphone Warehouse’s recent misdeeds.

I rest my case!

Information classification schemes

Tuesday, January 22nd, 2008

Also from ComputerWeekly, Chief Information Officers need to take a leading role in setting up formal information classification schemes to stop them over-engineering them to comply with security regulations, according to a report from the Information Security Forum.

Well, yes – classifying information correctly is a cornerstone of effective information security management. A simple scheme that assumes the bulk of information should be available to all employees, with only specific types of information restricted on a need-to-know basis, is the most practical approach available. It’s all discussed at length in my book, International IT Governance.

NHS IT leadership

Tuesday, January 22nd, 2008

Confusion apparently surrounds the future of the job running the NHS’s £12.4bn flagship IT programme, and the timetable for the departure of director-general Richard Granger.

Wouldn’t it be nice if there were proper leadership of the NHS? But, as the NHS is increasingly run from 10 Downing Street, indecision and interference will get increasingly worse. And there’s every chance that the CfH programme will, without proper leadership, lose its way and we’ll see any improvements that have actually been achieved wither away.