I suppose I should be flattered that the Tories have adopted some of my ideas on cyber-security

Dominic Grieve has published a Conservative Party policy paper that promises to “reverse the rise of the surveillance state.”  Much of it is inevitably about ID Cards, DNA samples and the like.

There is also the usual stuff about repealing the Human Rights Act.  This, of course, is the Act that has given the citizen all sorts of legally-enshrined rights to protect him or herself against the power of the State – notably that any action by the Government which impacts adversely on an individual has to pass a proportionality test in relation to the supposed benefits that are intended to flow from it.  This can be tested in the Courts – as successive Home Secretaries have discovered to their cost in respect of Control Orders etc.  So why the repeal of the Human Rights Act is going to protect the public is not clear.

And then there is the strange (if you are Tory who normally fulminates against such politically-correct notions) proposal that a Privacy Impact Assessment must be prepared for new laws and regulations.  This is no doubt modelled on the requirement for Equality Impact Assessments – a requirement that as far as I am aware has not received universal approval from most Conservatives.

However, tucked away in the paper are a number of proposals on improving information security that I have to acknowledge are eminently sensible.  I have to acknowledge it because they are things for which I have been calling for years.

So I welcome proposals to strengthen the role of the Information Commissioner.  Not only have I been saying this for the last six years or so, but it also formed part of the report of the House of Lords Select Committee (I happened to be a member of it) on Personal Internet Security published in August 2007.

Likewise, I welcome the proposal for industry-wide kitemarks on data security best practice – another recommendation of the Select Committee.

And the proposal that a Minister and a senior civil servant in each Government Department should be designated as having personal responsibility for data security in that Department is also welcome (and again has a familiar ring to it).

I have long argued that requiring individual Ministers to champion information security and senior Whitehall mandarins to certify that they are personally satisfied with the information assurance processes in place would concentrate their minds wonderfully and lead to a real improvement in security.  (In a similar way, I am introducing – through the Committee I chair on the Metropolitan Police Authority, a system whereby senior officers sign off the health and safety arrangements in their commands.)

Dominic Grieve’s paper sets out an eleven-point plan.  I am happy to say that I can give three of the points my whole-hearted support.  It  would be churlish of me not to do so.  They were my ideas first.  (I’d accuse the Tories of pinching them from me, but I suspect it would be fairer – although why I should be fair, I don’t know – to accuse them of pinching them from the same person I did, if I could remember who it was.)

I do, however, have one concern about their/my proposal on Ministerial responsibility.  The difficulty is that most Ministers stay in particular jobs for too short a time for that responsibility really to mean anything.  Most Ministers are reshuffled every year – often far too short a time for them to make a real difference to anything.  Perhaps the answer would be for legislation saying that once appointed Ministers would have to stay in the same job for at least three years (unless sacked, in which case they would be banned from taking another Ministerial position until the original three years was over).  That would be good for the quality of administration in general.  I offer this to the Conservatives (or indeed anyone else) free, gratis and for nothing ….

Leave a Reply

Your email address will not be published. Required fields are marked *