UK government bodies are more vulnerable to data breaches now than ever before. Last week saw the London borough of Ealing and Hounslow council fined £80,000 and £70,000 respectively by the Information Commissioner’s Office (“ICO”) following the loss of two laptops containing sensitive personal information.

I have been consulting with one of these councils for over a year now to consider the deployment of Enterprise Rights Management across the entire organisation but this has not yielded a positive result. The last time I spoke to one of the managers responsible for data security I was told that the council was deep in the middle of their ICT strategy and would not be in a position to review anything outside of that until at least late 2012.

With many jobs on the line in local government, there is a great risk that staff could leave with confidential information with the aim of starting their own businesses or selling the information to third parties. However, it is a shame to say that out of 36 local government authorities I have made contact with, not one seems to have a solid strategy to prevent this from happening.

Even those who eventually keep their jobs will be less motivated to put data protection at the top of their agenda, and as such leave the council vulnerable to all kinds of data breaches. This picture is reflective of all government establishments up and down the country, and if there is the potential for financial gain the more vulnerable the organisation becomes.

The very low uptake of tools like enterprise rights management and data loss prevention is a true reflection of where the government at both the national and local levels. It is unlikely that anyone would loose their jobs when a data breach happens, and as such unless the ICO enforces the adoption of data security tools, it will be hard to stem the data breaches.