The Information Commissioner’s Office has called for the Government to ensure its transparency and secure data protection through private correspondence channels such as, private email, WhatsApp and other messaging apps.
The ICO report in 2021 details concerns raised into the alleged misuse of private communication channels which are used by Government Ministers in the Department of Health and Social Care (DHSC). The common concerns related to such processes making it possible that data could be lost from the public record, and therefore not available for the public or official’s knowledge of government decisions. A thorough investigation revealed inadequate compliance of transparency and personal data protection obligations.
With a proportion of Government and DCMS services rooted in private sector policy to help businesses and citizens, the ICO’s drive for the Government to assess its own data handling may also be to ensure standards are sustained across other Government operations, with more biometric and digitalised verification measures being implemented in schemes such as Right to Rent and Right to Work.
In light of the report made in 2021, the ICO has made fresh demands of the Government to review its appropriate use of data in the interests of all its operations leveraging citizen and corporate data.
The report makes reference to the pandemic which at the time the report was released put immense pressures on the Government’s response and led to new technologies being introduced to enable conversations within Government. Although the document concedes that the “deployment of these technologies failed to appreciate the risks and issues around the security of information and managing transparency obligations.
In the Commissioner’s message, he states their use does not remove “the requirement for government officials, departments and the wider public sector to continue to be accountable to the people they serve”, as data security protocols and transparency they are seen to abide by within Government transcends across their policies for the private sector.
During the pandemic crisis, there was clear evidence that Ministers were frequently copying information to Government accounts and they did not have the secure IT and organisational infrastructures to mitigate security threats to the private correspondence channels. Moreover, the number of private channels was viewed to be a risk to public records going missing or being mistakenly deleted, exacerbated by “significant gaps based on how key individuals were working in practice”.
The ICO as a result issued the DHSC with a Practice Recommendation under FOIA and a Reprimand under the UK General Data Protection Regulation.