'IT suppliers discredited by data breach'

A Home Office IT contractor who lost a memory stick loaded with personal information may convince other departments to bring their sensitive data projects back in-house.



Analysts say calls for the state's sensitive data projects to be run by civil servants rather than contractors have come in since the loss by private firm PA Consulting.



Although overturning control of sensitive data back to public sector officials would not guarantee data security, the callers told Ovum it would make accountability easier.



It would also cut costs: as a result of the PA Consulting incident, the Home Office terminated the offending contract and suspended all of its other ones with the firm.



The department took on an IT workload valued at £500,000 a year, while setting about reviewing all other private contracts to ensure "appropriate" security provisions.



Most observers praised the department's prompt response, made more wide-ranging because of a string of similar data losses by the government or its contractors.



Tola Sargeant, an Ovum analyst, said the actions of the Home Secretary should be a lesson to all IT suppliers contracted by the government to work with sensitive data.



"Unless private sector companies can restore confidence in their ability to keep such data secure, these calls [to replace contractors with civil servants] will intensify," she warned.



Not only could the calls result in "more databases being taken in-house" but they could also prompt a rethink on ID cards, which PA has been paid £100m in consultancy fees for.



"Even if other contracts are not directly affected," the analyst said, "PA is likely to find it more difficult to convince central government departments to do business with it in the near term."



According to the firm's last fiscal year, PA derived 60% of its £100m software and IT services revenues from the public sector, with more than half originating from central government.



Thanks to the actions of one employee, PA's reputation in the public sector "will be hit hard," while management will be "nervous" about the total bill arising from the breach.



"We have seen an increase in spending on secure access projects and end-point security deployments across the public sector since HMRC lost the child benefit data," Sargeant added.



"But in the longer term, the impact on software and IT services spending in the UK public sector may not be so positive. We are already hearing calls for a review of the number of databases of sensitive information that the government holds and for the handling of sensitive data to be done by civil servants rather than contractors."