Government suppliers given IAS6 warning

New data protection standard will place more scrutiny on government suppliers

Government suppliers holding personal data have been urged to get their houses in order in preparation for a new data breach-busting standard.

From June, all government departments must prove they are compliant with a new HMG Information Assurance Standard around data protection - the IAS6.

However, in a move designed to halt the string of data breach scandals seen in the public sector over the last 18 months, the standard will also apply to government suppliers.

Mike Gillespie of security consultancy Advent IM has just been accredited as an authorised auditor and is looking to raise awareness around the standard.

He stressed that the standard would apply to any service provider holding personal data on behalf of the government, including outsourcing firms and hosting providers.

According to the Information Commissioner’s Office, 99 data breaches occurred in the public and private sector in the three months to November 2008, compared with 277 for the whole of the previous 12 months. In many of those cases, it was a government supplier, rather than the government department itself, that was at fault, said Gillespie.

“The government has recognised for the first time that suppliers are as weak a point as the government itself,” he told CRN.

Gillespie said suppliers would need to be fully compliant within 12-24 months, depending on the type and quantity of data they hold.

“Government suppliers need to be aware that this is coming around the corner and need to get their houses in order now,” he explained. “Once government departments have got their own house in order, they will turn their attention to suppliers.”