Government Chief Privacy Officer a great move
Welcome news today that a Government Chief Privacy Officer (GCPO) is to be appointed, who will oversee privacy and security issues across all government agencies.
A joint press release from Ministers Chris Tremain and Jonathan Coleman explains the scope of the new role:
"The Department of Internal Affairs is being realigned to strengthen privacy and security across the public service. The creation of a Government Chief Privacy Officer gives additional support to the Government Chief Information Officer (GCIO) to set standards and provide leadership and assurance that privacy is managed appropriately."
The Institute of IT Professionals is a strong advocate for this type of senior position and we wrote to Minister Tremain in August recommending that an appointment be made in this area.
We pointed out then that the Government Chief Information Officer cannot be expected to be across all security and privacy issues, in addition to his current workload - but it is essential that there is robust oversight in this area. Security and privacy across government is not yet at an acceptable level, and it won't be until someone is given the responsibility, resources and clout to get things to done.
However, it is pleasing to see that in addition to this new position, progress is being made. Minister Tremain notes in today's press release that 90% of agencies now have accountability for privacy and security at senior executive level, compared to 21% a year ago.
It's a good start, but there is still long way to go.
IITP would like to see the creation of a one-stop central 'hotline' where breaches can be reported and guidelines established on how government should handle breaches and notifications. In addition, there should be guidelines for members of the public on how they can go about reporting breaches. There is some good work already being done on this by the Internet Taskforce.
Finally, we also recommend that a bug bounty programme be established which pays a small reward for vulnerabilities found and can provide what many hackers really want: recognition. (Outgoing Privacy Commissioner Marie Shroff has also recommended that bug bounties be considered).
As always, IITP is happy to discuss these ideas with the GCPO when he or she is appointed.
See also: Hacking Government: 5 ways to turn the tide.
You must be logged in in order to post comments. Log In