Are you one of the nine million people who don’t trust their family doctor? According to a YouGov poll¹, the level of trust in doctors in the United Kingdom has declined by eight percentage points since early 2003. Others, such as the police, school teachers, and civil servants, fare even worse. Are we generally becoming a less trusting nation? And how does this affect our confidence in the public sector’s ability to protect the personal information it holds on us?
In my blog, Digital by Default, I identified trust as a key issue for the public sector as it tries to move more public services online. David Rennie, on the Government Digital Services blog site, acknowledges it’s a complex issue that’s as much about winning the hearts of people as it is about winning their minds. I think he’s right. In fact, as the majority of citizens don’t want to understand more than a basic level of cyber-security, I’d say it’s all about winning the hearts of our people. But hearts are fickle things and I wonder if we are guilty of double standards where trust is concerned?
For instance, judging by the outcry from the UK media whenever a government data loss is announced, it would appear we have zero tolerance for data losses by the public sector. Yet the Daily Telegraph, reporting on the outcome of a vouchercodes.co.uk survey, states that 59% of us freely share the PIN of our credit card. This is mainly with family, and I guess the most common defence would be “but I trust my partner and family”. No doubt this is true, but I don’t think you’d accept the same argument if a public sector organisation released sensitive information about you to another member of your family. So is the public sector a victim of its own honesty?
I welcome the government’s Transparency Agenda and the openness it brings, including its willingness to share information about data security breaches. But, as the Cabinet Office report The Cost of Cyber Crime² tells us, the majority of the £27bn liability to the UK economy per annum resulting from cyber crime is borne by industry through things such as intellectual property-right theft and industrial espionage. Clearly, it’s not just government that has issues regarding the protection of data, but it does appear to be more open about it. However, will new policy initiatives complicate this?
The recently published Open Public Services Whitepaper sets out how the government will improve public services. A key initiative is to encourage greater involvement of the not-for-profit and the private sectors in a more open market for the delivery of services. As the public sector increasingly becomes the guardian, rather than the delivery arm, of services, so the boundary of trust must also expand. So, is it reasonable to base our level of trust on zero tolerance for data security breaches?
Where the public sector is concerned, I think we have unrealistic expectations. Trust is a balance between risk and opportunity, as the credit card example demonstrates. After all, in the majority of instances the data held on us by public sector organisations is pretty trivial. Surely, as in other walks of life, we need the assurance that best efforts to protect it are being employed, but we also need to accept that, occasionally, things will go wrong.
Do you think we should accept the occasional government security breach? What is an acceptable trade-off between cost and risk? Why do we exhibit double standards when it comes to trust in public organisations? How does the delivery of services by non-public sector organisations affect your trust that personal data is safe? If data breaches have caused your organisation to rethink your data loss prevention strategy, why not take our survey at http://twtpoll.com/zhqti6
1 YouGov (2011) Whom Do The Public Trust?
2 The Cabinet Office and Detica (2011) The Cost of Cyber Crime