Government’s recently appointed chief data officer Aimee Smith tells MPs that, for the first time, a specialist team under her oversight will focus on protection and the prevention of loss

Government’s digital centre is seeking to discourage – and even prevent – civil servants sending email attachments.

In a recent evidence session of the parliamentary select committee overseeing the work of the Department for Science, Innovation and Technology, senior DSIT officials and ministers updated MPs about efforts to clamp down on email attachments, and encourage civil servants to send files directly via cloud systems.

Digital government minister Ian Murray told the committee that, in an environment where “there is an enormous amount of transactions – particularly with DWP and HMRC and particularly the big, personal data departments… we have to make sure we protect that properly”.

“Reducing the reliance on email attachments is one way of trying to take some human error out of the system because you are able to build in those technological solutions at the point. It is very difficult to build in a technological solution to [address the risk of] an attachment to an email,” he said. “Does it take away the risk 100%? Of course it does not – and it would be unreasonable to suggest that that is the case, but there is now a suite of products in place to be able to do that, and it is… DSIT’s responsibility to make sure that is spread out across government.”

Murray indicated that such a tool would be used to forcibly prevent emails being sent “where appropriate”.

Government chief data officer Aimee Smith said: “In principle that [would be] ideal, but the challenge to a wholesale introduction of that is where you have departments operating on various different legacy systems where emailing an attachment internally may actually be the only way that you can take information from one system to another. That is the complicated nature of what we are looking at across all the departments and the arm’s-length bodies. So, in principle, we would be setting out how we want people to operate, but there is going to need to be some considered support, focus and investment for departments to get there.”

Related content

• Courts minister acknowledges email attachment limits are ‘particularly restrictive’ for justice-system participants
• GDS seeks leader to spearhead new government data strategy
• MPs lament ‘insufficient’ work on government data sharing

While DSIT is “progressing towards” the introduction of new technology to protect emails, government’s digital hub is “at the moment… focusing on making sure people know how to configure their systems to reduce human error [as part] of data-loss prevention”, Smith said.

The data chief added: “The cultural change of the practice of not sharing email files is something we are still working on, but there is more than enough capability in the suites that exist—whether departments are on Google or in Microsoft—to enable them to share documents without ever having to release them, especially inside the government estate, but also external to that. We have standards about what you can and cannot email that are put out to departments, and how they should be configuring their system.”

Such configuration is “slightly more challenging in departments [sending messages] to external recipients because they are on different legacy estates from each other, but in principle the mechanisms are there”, according to Smith, who took on the CDO role late last year, having joined government from London’s Metropolitan Police Service.

The work to limit the use of email attachments forms part of a wider drive to promote better data security, she told MPs.

Smith said: “We are building a team under me to be focused specifically on data protection and preventing data protection loss, which I do not think is a capability that government have invested in centrally before.”