Over half (52%) of records and information managers at local authorities feel that security breaches are “accidents waiting to happen" as a consequence of time pressure and resource constraints. The safety of confidential and highly sensitive information – from employee records and legal files through to school admissions and social care records – could be at risk, with two thirds of senior managers (67%) believing inadequate information management will cause a significant data breach sooner rather than later. For many senior managers (71%), budget cuts present the main threat to the quality of information management and security.
The findings come from a new study of senior managers and records and information professionals at local authorities across the UK conducted by Iron Mountain® (NYSE: IRM), the global leader in storage and information management services. Iron Mountain explored the perspectives of local government employees with senior responsibility for managing information in order to understand the current challenges they face and the impact these challenges are having on information management and security.
A third of senior managers and information management professionals agree that excessive demands from central government (37%), a lack of staff (36%), time constraints (32%) and internal bureaucracy (31%) present the main barriers to effective information management. These barriers are making it difficult for those responsible for managing information to protect and, when the time is right, securely dispose of the information entrusted to them.
Over half (57%) of records and information managers say they have only seconds to handle documents – including invoices, legal and HR files – and approaching two thirds (61%) admit there aren’t enough staff to cope with the volume of information moving in and out of their organisation.
According to the research, half of records and information managers admit that the number of incidents involving poor information management has increased over the past 12 months. This mismanagement includes keeping records beyond their required retention period, sending information to the wrong person and taking confidential or sensitive information out of the workplace. Close to a third (29%) of record managers said that up to a fifth of their information has been inadequately managed over the past 12 months due to organisational pressure and change.
Almost half (42%) of the records and information managers and business leaders questioned lack faith in their colleagues’ ability to adhere to data protection legislation, manage information securely (45%) or apply the appropriate retention schedules (49%), suggesting that inadequate staffing levels and lack of time are leading to the erosion of trust between information professionals.
Commenting on the research, Phil Greenwood, Director at Iron Mountain said "Our findings highlight the extreme pressure that local authorities are under to effectively manage information with limited time and staff. The added complexity of understanding and following existing retention regulations, coupled with uncertainty around EU data protection regulations as a result of the Brexit vote mean the scale of the problem is going to get worse if the challenges are not addressed.”
Iron Mountain is urging senior managers and records and information managers to tackle the problem together in order to rebuild trust and ensure good information governance is a top priority. The company says that senior managers can help to drive cultural change and reduce information risk by working with the records management team to better understand the local authority’s obligations towards the information it holds and make sure that best practice is widely shared.
“It’s not enough to have clear information security and management policies and processes in place,” continues Greenwood at Iron Mountain. “Communication is key to ensure widespread adoption and encourage the implementation of information management best practice across all departments. Policy and processes need to reflect changes in regulations and internal processes, with these updates communicated clearly to all staff.”
