ICO: “Ensure That Public Records Are Preserved”
Following the cybersecurity incident, some “public officers have transitioned to using mobile phones and personal email accounts to continue government services” and “senior leadership and other public officers must take steps now to ensure that public records are preserved,” the Information Commissioner said.
This follows after the cyber-attack late on Wednesday evening which affected multiple areas, and as of this writing the Government has confirmed that “the Government email system and switchboard remain out of service.”
A spokesperson said, “The Information Commissioner has released the following statement on the impact of the Government’s cybersecurity incident:
“In response to the ongoing cybersecurity incident, the Permanent Secretaries, Department Heads and other public officers have transitioned to using mobile phones and personal email accounts to continue government services.
“Regardless of the device or platform used, these electronic communications are public records that reflect government decision making and business. The same is true for paper-based communications and business processes being used at this time, as some government processes have reverted to paper-based transactions while their digital system is unavailable.
“Public officers must be mindful that these records are subject to search, retrieval and potentially disclosure in response to Public Access to Information [PATI] PATI requests.
“As Information Commissioner, I remind public officers and the public of my 6 April 2020 statement on Access to Information During a National Crisis. As with the Government’s response to the COVID pandemic, once this incident has passed, the public may seek full transparency and accountability of any decisions taken during this time, which will allow for critical engagement between the public and Government.
“Today is the first day of International Right to Know Week 2023. The Government’s ongoing response to this cybersecurity incident is a clear reminder that the public’s access to information about government decision making is an important connection between the Government and the people it serves.
“To safeguard the public’s PATI rights, senior leadership and other public officers must take steps now to ensure that public records are preserved, all decision making is documented, and strong information management practices are enforced. This may include the following practical approaches:
- Ensuring that WhatsApp and text messages include government-issued cell phones that preserve the communications.
- Providing guidance to public officers on the use of non-government email accounts, which may include instructions on saving and copying emails to government accounts once the incident is over; using specific platforms, such as one offering encryption for sensitive information; and creating new email accounts for work-related emails rather than using existing personal email accounts, which may be subject to future PATI requests.
The spokesperson said, “Ensuring that paper records are properly preserved and, if appropriate, scanned or otherwise entered into electronic systems once it is deemed safe to do so. The right to access public records under the PATI Act and public authorities’ obligations to comply with the PATI Act have not been suspended.
“As a practical mater, however, many public authorities continue to be affected by the cybersecurity incident and their ability and capacity to comply with the timelines under the PATI Act impacted. This may include timelines for responding to PATI requests, issuing internal review decisions, or addressing reviews by the Information Commissioner. Public authorities impacted by the cybersecurity incident and PATI requesters are urged to take a practical approach with PATI requests at this time.
“Finally, the ICO remains fully operational. If the public or public authorities have questions about the rights and obligations under the PATI Act, they may contact the ICO by phone [543-3700] or email [info@ico.bm], or visit our offices in person [4th Floor, Maxwell Roberts Building, One Church Street, Hamilton].”
And these are the clowns who want state-issued digital IDs and government-run healthcare.
I wouldn’t trust them with anything.
Mobile phones and personal e mail accounts being used? What could possibly go wrong. Hilarious if not so frightening.
The basics of any IT security is control what is where and who has access!! The last thing you do is allow anyone to use personal email for a business use! Takes no time at all to spin up a Google or 365 account and point your mail to it.
Spot on
The biggest problem with PATI is that there are no penalties for people who fail to comply with the PATI Act. Not even a slap on the wrist. Commissioner Gutierrez should be pushing to pass legislation to add financial and criminal penalties to the Act. She should also be pushing to improve the efficiency of Government and ICO processing of the PATI requests.
Unfortunately, the internal ICO processes need to vastly improve beyond delivering only 2 to 3 decisions a month. The backlog to process requests is now about a year. Seriously, a year! With a staff of 5, the best the ICO can deliver is 2-3 decisions a month.