New security classification system prompts ‘data dumping’ fears


Adoption of the Government Security Classification Policy (GSCP) could lead organisations to reclassify data in haste, without fully considering the risk management implications.

According to data management consultancy Auriga, the process, described as data dumping', could have serious confidentiality implications for both the private and public sector.

To avoid this, private and public sector organisations need to take care to fully re-evaluate data, assign the appropriate categories and adjust their risk management profile, the company said.

The warning follows on from the sending out of a notification to central Government and private sector suppliers, explaining they had nine months to move from the current six-tier Government Protective Marking System to the new three-tier GSCP.

While the change, which forms part of the wider Civil Service Reform Plan, is supposed to make classification simpler for both the public and private sector, Auriga has said this transitional phase is likely to be painful in light of the short deadline.

Furthermore, the company claims, this is when data dumping' is most likely to happen.

Geoff Eden, subject matter expert at Auriga, said: "A data classification system should be an integral aspect of any organisation's data lifecycle processes, with the approach to risk management, and the necessary level of assurance, shaped by the characteristics of each classification.

"The GSCP can help Departments and Agencies realise the business and security benefits of this, but only if data classification is well thought through, effectively integrated with the organisation's data lifecycle processes, and not done in haste."

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.