UK councils are falling woefully short when it comes to protecting sensitive data, according to a recent study by data security firm BeCrypt.

The survey, conducted among 60 councils, London boroughs and police authorities, investigated how public sector organisations approach the legal requirements for mobile working and data security.

BeCrypt's Public Sector Data Security Survey found that 43 per cent of respondents admitted that no data is encrypted by their organisation.

Around 45 per cent said that data on some computers carrying sensitive material is encrypted, and only 10 per cent said that data on all machines is encrypted.

The survey also asked about disaster recovery plans in the event that employees may not be able to get to work, and how important mobile working is to the organisation, including questions on data leakage and the use of USB devices.

"The survey provided a useful piece of quantifiable research to assess how public sector organisations approach the increasing requirement for mobile working and the challenges that surround it," said Richard Brooks, EMEA director of sales at BeCrypt.
"The use of laptops, USB devices and other removable media are posing an increasing risk to data security.

"The survey highlights that 30 per cent of councils have no policy regarding the use of USB devices and the inadvertent or malicious threat of data leakage.

"It is evident that such organisations require a security policy and encryption solutions that enable that policy to be implemented."

Nearly four in 10 local authorities allow limited use of USB devices and implement port control security, and two per cent implement a total ban.

Furthermore, only eight per cent of those surveyed had a full disaster recovery plan in place.

The apparent lack of adequate data protection is even more worrying given that 38 per cent of respondents said that their organisation had suffered at least one incident during the past year in which a notebook was lost or stolen.