3. The Survey
The protection of data is paramount right across the public sector, but as the public face
of government, local authorities are under increasing pressure to maintain the trust of the
public by ensuring that their citizens’ information is effectively safeguarded.
At the end of last year, the Information Commissioner’s Office (ICO) published an
analysis of ‘Data security incident trends’ , which considered a study of the recent data1
security incidents under their consideration.
It found that during the second quarter of the 2015/16 year (July to September 2015),
despite being the second most ‘prevalent’ sector in terms of data breaches, Local
Government accounted for just 11% of the total number of cases at the time (559). Yet as
local government is not currently mandated to alert the ICO to data breaches, there
could still be many that go unreported. The study also notes that the healthcare was by
far the worst offender, which could in part be attributed to the sensitivity of the data
processed by these organisations, the sheer size of the sector, and a recent move by the
NHS which now makes it mandatory to report incidents.
In the case of Local Government, the study does note that there has been a marginal
improvement since the third quarter of 2014/15 (October to December 2014) over the
course of the 2015/16 year. Yet it also warned that, in comparison to the first quarter of
this financial year, there had been a 27% increase.
The biggest issue was found to be the loss and/or theft of paperwork, which accounted
for a fifth of all incidents in this sector.
While Local Government continues to battle through a period of tight budget constraints,
protecting sensitive information must remain a top priority. Citizens are now looking to
their local authorities to safeguard their data in a time of increased digital connectivity
and transparency. This means that the strategies put in place to allow authorities to meet
the challenge of generating more efficient ways of working - often through the use of
new technologies such as mobile and cloud - must also be balanced with effective
security.
In light of this issue, iGov Survey have recently partnered with the fastest growing cloud-
based data protection provider, Druva, to further understand the barriers and benefits
this challenge brings to Local Government.
With large amounts of data now being stored in various locations such as endpoints and
the cloud, Druva and iGov launched a research project to examine the data security and
encryption strategies currently in place across the sector. It looked at the use of mobile
devices, as well as online and Cloud applications, and the security concerns that were
raised due to the use of these technologies. Finally, it also considered the impact of data
legislation put in place by government, and the bearing it has on the strategies currently
being used.
https://ico.org.uk/action-weve-taken/data-security-incident-trends/1
Page of3 15 Encrypting User Data in Local Government 2016
4. Survey Methodology and
Respondents Profile
This survey was conducted by iGov Survey in collaboration with Druva, and ran from 3rd
November 2015 to 21st December 2015. iGov Survey, a research body comprising of an
independent team of public sector experts, partnered with Druva on the project and all
views and results expressed within this report are from iGov’s impartial view point unless
explicitly stated otherwise.
Survey respondents represent a broad cross-section of seniority levels across Local
Government organisations, and job roles across IT departments, Corporate Services, and
at a Chief Executive/Deputy level.
84 individuals participated from 70 unique organisations across local authorities, each of
whom will have received a complimentary copy of the findings report. There was no
inducement to take part, and Druva was not introduced as the survey partner.
The results displayed throughout this report are based on those who fully completed the
questionnaire and are displayed as a percentage unless otherwise stated.
Page of4 15 Encrypting User Data in Local Government 2016
Borough
City
County
District
Metropolitan
Unitary
0 10 20 30
Sector Breakdown: Local Council Types
5. Key Findings
Over half of participants (59%) are ‘very confident’ in their
organisation’s ability to secure sensitive data on end-user
devices
However, confidence among the majority of this group drops when asked if they believe
their end-users comply with data protection laws. Just 18% remained ‘very confident’,
whilst over half were ‘somewhat confident’ (63%).
Page of5 15 Encrypting User Data in Local Government 2016
0 25 50 75 100
Very confident Somewhat confident Not very confident
Not at all confident
Our organisation is able
to secure sensitive data
on end-user devices
Our end-users fully
comply with data
security policies
Question: How confident are you in the following:
6. Almost all of our survey participants stated that at least a
small proportion of their staff had access to a mobile
device for work purposes (93%)
This was supported by 83% who said they had a Mobile Device Management solution
deployed within their organisation.
Of those who stated that at least a small proportion of their staff had access to a mobile
device for work purposes, nearly a third (29%) stated that this applied to 11-25%, whilst a
further 14% told us more than 75% of their work force had access.
Page of6 15 Encrypting User Data in Local Government 2016
7%
62%
31%
Yes
No
Don't know
Question: Do you currently have a Mobile Device
Management solution deployed for mobile devices across
your organisation?
More than 75%
51 - 75%
26 - 50%
11 - 25%
1 - 10%
0%
Don't know
0 10 20 30
Question: What percentage of your staff currently uses or has access to a mobile device for
work purposes?
7. Nearly two-thirds of participants stated they did not use
cloud applications within their organisation (62%)
Despite the growing use of Cloud technology, and an awareness of the benefits this can
bring to Local Government, just 31% told us that they used these applications within their
organisations.
Yet interestingly, of the 30% who do make use of cloud applications, only a small
minority (31%) are able to monitor what sensitive data is accessed by end-users through
these applications. In addition, a further 28% did not know whether this was possible or
not.
Page of7 15 Encrypting User Data in Local Government 2016
7%
62%
31%
Yes
No
Don't know
Question: Currently, does your organisation use cloud
applications such as Office 365 or Dropbox?
42%
28%
30%
Yes
No
Don't know
Question: Are you able to monitor the sensitive data
accessed by end-users through these applications?
8. Just 30% of survey participants reported that they had ’full
awareness’ of new data laws soon to be introduced by the
EU under the General Data Protection Regulation (GDPR)
A further 59% reported having a limited awareness of the new data laws, whilst 11% told
us they had no awareness of the new laws at all.
Encouragingly, just under a third (31%) told us they were already planning further
development to meet the requirements of the new data laws. In contrast, over half (53%)
said that more research was needed into what these new laws entail before their
organisation conducted any development within their data security and protection
strategies.
Page of8 15 Encrypting User Data in Local Government 2016
11%
59%
30%
Yes - I am fully aware of this
Yes - I have a limited awareness of this
No
Question: Are you aware of the new data laws soon to be
introduced by the European Union under the General Data
Protection Regulation (GDPR)?
13%
3%
53%
31%
Yes
We need to do more research into what this entails
No
Don't know
Question: Is your organisation planning any development
within your data security and data protection to meet these
new requirements?
9. Almost half (47%) also believe that further understanding
of compliance risks would be beneficial to their
organisation
Just 28% of surveyed organisations felt that they didn’t currently require any further
knowledge of data protection, whilst a further 17% felt their organisation needed to
develop a better understanding of how to secure sensitive data to update their strategy
in line with new technologies.
Page of9 15 Encrypting User Data in Local Government 2016
0 10 20 30 40 50
Question: To what extent do you think having a clearer understanding of compliance risk on end-
user systems would benefit your organisation?
I feel our organisation needs a better
understanding of how to secure
sensitive data to update our strategy
in line with new technologies
Further understanding would be
beneficial to us as we review our data
protection strategy
We don’t feel any further knowledge
of data protection is required at this
time
Other - please specify
Don’t know
10. Conclusion
by Rick Powles, Senior Vice President at Druva EMEA
With large amounts of data now being stored in various locations such as endpoints and
Cloud applications, organisations are challenged to keep up with evolving security
threats and technology to ensure that sensitive information is protected at all times. New
privacy laws also strain organisations who may not understand what is required or have
the tools in place to ensure compliance. This survey examined the data security and
encryption strategies currently in place along with provided insights into the barriers and
benefits that new technologies and legislations bring to Local Government organisations.
Fortunately, organisations in the public sector recognise the need to better understand
the impact that these challenges have on their existing data protection strategy.
Additionally, they understand that the lack of visibility into sensitive data in the cloud
poses a threat. Protecting sensitive information must remain a top priority for local
governments as well as staying informed of not only changes in legislation but tools that
can better equip them for the future.
Page of10 15 Encrypting User Data in Local Government 2016
11. Appendix 1: Full Survey Questions
Page of11 15 Encrypting User Data in Local Government 2016
Grid Question: How confident are you in the following:
Our organisation is able to secure sensitive data (such as citizen information, financial
records, housing data, etc) on end-user devices
Answer Percent
Very confident 59%
Somewhat confident 34%
Not very confident 3%
Not at all confident 4%
Our end-users fully comply with data security policies
Answer Percent
Very confident 18%
Somewhat confident 63%
Not very confident 13%
Not at all confident 6%
Question: What percentage of your staff currently uses or has access to a mobile device
for work purposes?
Answer Percent
0% 0%
1 - 10% 3%
11 - 25% 29%
26 - 50% 27%
51 - 75% 20%
More than 75% 14%
Don’t know 7%
Question: Do you currently have a Mobile Device Management solution deployed for
mobile devices across your organisation?
Answer Percent
Yes 83%
No 7%
Don’t know 10%
12. Page of12 15 Encrypting User Data in Local Government 2016
Question: In terms of a percentage, how many of your organisation’s mobile devices are
encrypted?
Answer Percent
0% 3%
1 - 10% 3%
11 - 25% 1%
26 - 50% 7%
51 - 75% 8%
More than 75% 65%
Don’t know 13%
Question: On average, how many devices are damaged or lost in your organisation per
year?
Answer Percent
1 - 10 42%
11 - 20 13%
21 - 30 7%
More than 30 7%
Don’t know 31%
Question: Are there any groups in your organisation most prone to losing mobile devices
or subject to theft?
Answer Percent
Frontline staff, such as administration 21%
Managers 1%
Data handlers/managers 3%
Executives 7%
Other - please specify 14%
Don’t know 54%
Question: Currently, does your organisation use Cloud applications such as Office 365 or
Dropbox?
Answer Percent
Yes 31%
No 62%
Don’t know 7%
13. Page of13 15 Encrypting User Data in Local Government 2016
Question: Are you able to monitor the sensitive data accessed by end-users through these
applications?
Answer Percent
Yes 30%
No 28%
Don’t know 42%
Question: Are you aware of the new data laws soon to be introduced by the European
Union under the General Data Protection Regulation (GDPR)?
Answer Percent
Yes - I am fully aware of this 30%
Yes - I have limited awareness of this 59%
No 11%
Question: Is your organisation planning any development within your data security and
data protection to meet these new requirements?
Answer Percent
Yes 31%
We need to do more research into what this entails 53%
No 3%
Don’t know 13%
Question: Are you looking to implement a new solution as part of these plans?
Answer Percent
Yes - within the next 6 months 27%
Yes - within the next 12 months 14%
Yes - post 12 months 9%
Yes - when the GDPR comes into effect 14%
We have no plans at this time 27%
Don’t know 9%
14. Page of14 15 Encrypting User Data in Local Government 2016
Question: To what extent do you think having a clearer understanding of compliance risk
on end-user systems would benefit your organisation?
Answer Percent
I feel our organisation needs a better understanding of how to secure sensitive data to
update our strategy in line with new technologies
17%
Further understanding would be beneficial as we review our data protection strategy 47%
We don’t feel any further knowledge of data protection is required at this time 28%
Other - please specify 4%
Don’t know 4%
15. Appendix 2: Participating Organisations
Page of15 15 Encrypting User Data in Local Government 2016
Armagh, Banbridge and Craigavon District Council
Arun District Council
Aylesbury Vale District Council
Birmingham City Council
Bracknell Forest Council
Brent Council
Buckinghamshire County Council
Cambridgeshire County Council
Central Bedfordshire Council
Chelmsford City Council
Cheshire West and Chester Council
Chesterfield Borough Council Chichester District Council
City of Bradford Metropolitan District Council
City of London Corporation
Copeland Borough Council
Cumbria County Council
Derby City Council
Derbyshire County Council
Dorset County Council
Dudley Metropolitan Borough Council
East Cambridgeshire District Council
East Hampshire District Council
Eastbourne Borough Council
Erewash Borough Council
Flintshire County Council
Forest of Dean District Council
Hampshire County Council
HerFordshire County Council
Hinckley and Bosworth Borough Council
Leeds City Council
London Borough of Hammersmith and Fulham
Manchester City Council
Medway Council
Mendip District Council
Norfolk County Council
North Lanarkshire Council
North Warwickshire Borough Council
Oxfordshire County Council
Peterborough City Council
Redcar and Cleveland Borough Council
Renfrewshire Council
Rochdale Borough Council
Runnymede Borough Council
Shetland Islands Council
Shropshire Council
Solihull Metropolitan Borough Council
South Gloucestershire Council
South Norfolk Council
South Somerset District Council
Southend on Sea Borough Council
St Helens Council
Stockport Metropolitan Borough Council
Stoke-on-Trent City Council
Sunderland City Council
Surrey County Council
Tandridge District Council
Tendring District Council
The Moray Council
Thurrock Council
Torbay Council
Trafford Council
Vale of Glamorgan Council
Warrington Borough Council
Wealden District Council
West Lothian Council
Wigan Council
Wiltshire Council
Wirral Borough Council