An independent reviewer will release a report next month analysing how government agencies manage and protect information, as it looks at ways to broaden how different agencies exchange data.
The Information Assurance review, due to be released at the end of May, is an independent look at how different organisations structure policies around information handling, said Nick Coleman, who heads the review, which falls under the Central Sponsor for Information Assurance, part of the Cabinet office.
Coleman spoke publicly for the first time about the review at InfoSecurity Europe conference in London, although he did not preview any details of the review itself.
The review will be used by the Cabinet to formulate a revised national strategy on information assurance, due for release in the coming months, as well as updating an information assurance review released in 2004. It encompasses areas such as leadership and governance, enterprise architecture and compliance issues, Coleman said.
The independent review comes as the government undertakes several massive IT projects, all of which have security and privacy concerns their reliance on sensitive personal information, including a national ID card program, a revamp of the National Health Service's (NHS) IT systems and a programme to strengthen border controls.
The government has an ever-increasing reliance on IT systems. Coleman cited statistics: the country's Police National Computer, a database use by law enforcement, processes 10 million requests each month; the Department for Work and Pensions handles the distribution of 13 million benefits payments every week; and it's also expected that a large proportion of the 1.3 million NHS employees will need access to patient records as part of the agency's IT modernisation program.
"This is big scale," Coleman said.
In January, Prime Minister Tony Blair said more sharing between government agencies could result in better services to citizens, such as reducing the number of forms. But activists have raised concerns over the risks data sharing poses to personal data privacy and security.