Council praised for remedial work on data compliance

Council praised for remedial work on data...A local authority has been praised by the Information Commissioner’s Office (ICO) for the swift and effective way it has responded to a previous data security failure.

Wolverhampton City Council was served with an enforcement notice by the ICO in May this year, following a breach of the Data Protection Act. It was ordered to provide data protection training to its entire workforce.

Information commissioner Christopher Graham commented: “We are pleased that Wolverhampton City Council have now provided adequate data protection training to all of their staff. It is important that the council maintains these practices going forward to make sure residents’ information is handled correctly and kept secure.”

He noted that a growing public awareness of the need for data to be kept safe means compliance is essential for both public and private sector bodies, adding that the ICO is to run a workshop for SMEs in the West Midlands region in late September.

Mr Graham said this would help small firms with “limited understanding of their responsibilities under the Data Protection Act” to learn how to get it right.  

There are eight principles in the Act, which state that information should be processed in a fair and lawful way, only used for limited purposes, kept to the necessary minimum, accurate, not held longer than needed, processed in line with the rights of citizens, kept safe and never transferred to other countries without it being adequately protected.

Wolverhampton City Council’s failure centred on the case of a social worker who had not been trained in data protection. The employee sent out a letter to a former service user that contained sensitive information about the recipient’s sister. This data should not have been included in the letter.

The breach occurred in January 2012, just a month after the ICO had completed a security audit with the council and recommended it introduce a data protection policy. However, the local authority failed to meet a deadline of training all its staff by the end of February this year, at which point 68 per cent had not received instruction on protecting data.

Search for compliance jobs with Barclay Simpson, leaders in compliance recruitment ADNFCR-1684-ID-801734307-ADNFCR