Cabinet Office floats £2m short-term contract to address ‘weaknesses’ in data-handling
Department seeks commercial support in meeting targets set out in independent review
The Cabinet Office is seeking a commercial partner to fulfil a short-term £2m programme of work to address “weaknesses” in its handling of personal data.
The department underwent an independent review of its data-storage and -processing procedures in light of an incident in December 2019 in which personal details of those featured on the New Year’s honours list were leaked.
That review, led by technology executive and former Home Office non-executive director Adrian Joseph, concluded in April. It identified some “concerning lapses” amid what was generally characterised as an inconsistent approach to data protection.
Six core recommendations were set out: improve accountability and governance; reward expertise and skills; establish a new data strategy; be transparent on progress; update guidance and training; and implement consistent standards and controls for technology and data.
The Cabinet Office intends to make good on these recommendations by the end of 2020 and is seeking a supplier to support its work to do so.
The chosen bidder, with which the department will sign a contract worth up to £2.25m, will start work by 14 September.
“Delivering the Cabinet Office business strategy places a critical reliance on enhancing the capture, storage, management and use of personal and non-personal data. Recent events, however, have identified weaknesses in the Cabinet Office capabilities for managing personal data privacy,” the Cabinet Office said. “An independent review… identified systemic inconsistencies in data processes, controls and culture across Cabinet Office and that there is a significant risk that further and more impactful breaches will occur as the amount of personal data being handled by the department increases.”
The department added: “The independent review of the Cabinet Office’s personal data handling practices proposed recommendations to enhance the overall risk management of data privacy across the department. The Cabinet Office needs to implement this work prior to end December 2020.”
For the technical aspects of the programme, the Cabinet Office indicated that it would prefer to use cloud storage from Amazon Web Services or Microsoft Azure, rather than on-premises technology.
Suppliers wishing to bid for the work have until 27 August to do so.
A recent study finds that the pandemic has boosted budgets – but legacy tech remains a big barrier to progress
Plan includes establishment of national AI alliance
Memo from top brass preps officials for world in which government is more data-driven and less risk-averse
New plan emphasises need to improve credentials in STEM fields
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.
SolarWinds explains how public sector organisations can make the most of their hybrid IT investments - delivering services that are both innovative and reliable
There are many reasons to keep your Oracle workloads running on local servers. But there are even more reasons to move them to the cloud as part of a wider digital transition strategy. Six Degrees...
Engage Process explains how to ensure that process remains at the heart of your management programs - and how to keep undue pressure from those processes