In the UK, come July 5th we will have a new (or old) Government.

UK citizens will decide if they want a change from the Conservative government, who have been in place for 14yrs, or if it’s time for Labour to take over.

It’s important to state at the outset that I’m not here to argue the case for or against Labour or the Conservatives. But I do want to do is take a closer look at what both parties are saying about Security and Data Protection.

These topics aren’t exactly grabbing the headlines, as Tax, health and immigration are clearly topics which are exciting the general public.

Security matters

But security and data protection should be at the forefront of many of the discussions we’re having in parliament because their approach impacts each and every one of us.

On 13th May the PM, Rishi Sunak made a speech at Policy Exchange on security, where he stated that “The dangers that threaten our country are real. They are increasing in number. An axis of authoritarian states like Russia, Iran, North Korea, and China is working together to undermine us and our values.”

Throughout this speech he understandably focuses on the global threats we face, of which there are many.  However, it is also the views on AI that is of interest and relevance to us here.

Conservatives - AI Regulation 

The Conservatives have stated they will look for more regulations related to the adoption and use of Artificial Intelligence (AI). This isn’t much of a surprise, when we consider that people like Elon Musk are also calling for more regulations around this technology too.

Of course, AI is important, and it is without doubt going to become increasingly important as it is adopted and utilised in all areas of business and society.

My concern around this idea of ‘AI Regulation’, is that it requires international engagement and agreement. Consider for a second that we did have a European data protection regulation (GDPR) which the UK government has previously stated they wish to move away from(!). So, if we can’t agree on the way data is governed in Europe, how (or when) will international agreement on the use of AI take place?

My question on this would be; Do we actually need more regulations?  Consider for a second that AI operates based on data it consumes, then why can’t we rely on the good regulations we already have which require us to use data in a responsible way. This regulation already exists in the form of the General Data Protection Regulation (GDPR), or as I prefer to call it… Giving Data Proper Respect.

Labour’s Manifesto

It is understood that Labour will be releasing their manifesto on June 13th, so anything I state here is subject to change.

However, it is understood that the manifesto will be based on Sir Kier’s five ‘missions’ which he launched in 2023.  These are;

• Deliver economic stability

• Cut NHS waiting times

• Launch a new border security command

• Set up Great British Energy

• Crack down on antisocial behaviour

• Recruit 6,500 new teachers

We also know that security is a key part of his mission moving forward.

In the first speech of his general election campaign Sir Keir stated that “the very foundation of any good government is economic security, border security, national security” and that these pillars will be the “bedrock” of the first steps of a Labour Government, and the definition of service.

In details that were released in 2023, we also know that Labour will look to harness technology to boost the economy, and this includes ensuring we have cyber-resilience and security against rogue states and other hostile actors.

Again, while I believe this is laudable, I do worry that we are looking to the horizon when the threats are much closer to home.

Education, Education, Education

If I were to write an open letter to the new PM, whoever that may be, it would go something like this;

“Dear PM… You’ve got a big job ahead of you. We all know that, and like any manager, there will be many who believe they can do it better than you!

However, I am not one of them.

I do not envy your position, especially when it comes to the world of Information Security (aka ‘Cybersecurity’).  This is just too big a job for one person, or one country to take on.

But there are things you can do which will have an impact on information security and data protection, and it’s really not too difficult. 

First, disband the Information Commissioners Office (ICO) in favour of a group who don’t work in the public sector (or seek to serve it). Put people in place who have worked in businesses and understand the importance of data protection and security. 

There are hundreds of groups of thousands of security and data protection specialists who would be willing to help improve security and data protection. I know, because I’m one of them. I’m passionate about helping to shape the future of Cyber resilience and security in the UK, and I know that I’m just one of many who are.

Education Sector

Next, ask your education secretary to ensure that information security, privacy, data protection and data ethics are included in every academic course in the land. Starting at school, all the way through to University.

Make it a mandatory requirement that all schools (and universities) educate children on privacy rights, and that they engage with businesses to help develop their security progammes.  Every university course should include information security as a core concept.

• Lawyers need it.

• Doctors need it.

• Business leaders need it.

I’ve worked in Information Security for over 25 years and yet I still have conversations with business leaders who think that Data Protection or Security is ‘MY’ job, and that they are either not accountable or responsible for security of data.

At the most basic level, we need to educate people to understand that when we talk about ‘data’, we’re talking about real people. Those one’s and zero’s are people’s lives. I think that’s an important message to get across.

Finally, make it a benefit for organisations that can prove they have implemented good security. If they have implemented Cyber Essentials, ISO27001, or PCI DSS, give them reduced insurance, or tax relief.

Turn Security into a positive and something which offers benefits, rather than something to be feared will make it easier for Consultants Like Us to help people protect themselves.

There is so much to do. If you need help, let me know… I’m sure we can come to some favourable rates. 🙂

Best of luck for the next 5 years!

Regards

Gary.”

What about you? What would your letter say, if you were to write to the government? What do you think should be in the Labour or Conservative manifesto?

More questions?

Finally, if you are truly concerned about what has happened please contact us and we can offer additional advice and guidance on what you can do to protect yourself, your loved ones and your business.