Government infosec requirements "too onerous" for charities

23 Nov 2010 News

Charities delivering public services are struggling to deal with the data security requirements being imposed on them by government, according to leading charity IT chiefs.

Charities delivering public services are struggling to deal with the data security requirements being imposed on them by government, according to leading charity IT chiefs.

Sources told Civil Society IT they were wary of speaking out for fear of prejudicing their relationship with commissioners, but confided that government departments are under pressure to comply with the Hannigan Report on data handling and as a result are sending it out to charity contractors in a non-tailored format.

Highlighting the issue, one said that although better data security is “probably a good thing”, the requirements are “onerous” for charities.

Another said: “You get these form letters from someone you’ve never heard from before, saying you must sign up to these new regulations within four weeks or you might lose your funding.

It’s obviously one of their big obsessions but when we’ve looked at the regulations we’ve thought ‘do they realise this is going to put up our costs? Do they realise we aren’t a massive government department?’ Their guidelines aren’t necessarily applicable to the voluntary sector.”

The latter IT director called for one of the sector umbrella bodies to develop a framework for charities, particularly smaller ones.

“There has to be a way of scaling this down; not everybody has to be ISO 27001 certified and it would be ridiculous for the vast majority of charities that are less than ten people.”

Information assurance seminar

The government has made some effort to work with the sector on data security issues; in July this year the Cabinet Office invited delegates to a workshop on information assurance in the civil society sector.

However, there is no word on whether any of the principles agreed at the event will be put into practice.

The Cabinet Office declined to comment on this or charities’ concerns over the implementation of the Hannigan Report.