27.08.14
Councils must improve data protection compliance – ICO
The Information Commissioner’s Office (ICO) has published a report which highlights the ‘need for improvement’ in how local authorities comply with data protection laws. Reports Abigail Lillicrap.
ICO processed16 local authority audits last year and none of them achieved high assurance in their ‘overall assurance rating’ for data protection. This has been noted as an area in need of improvement for local authorities, as well as the need to focus on effective training.
However, none of the local authorities were named in the report.
The Data Protection Act was introduced to regulate the use and processing of personal data. Anyone who has access to personal data must comply with eight principles, in order to keep the information lawful and secure.
The principles are:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
Following the ICO audits, six councils were told they had considerable room for improvement, while one was warned that immediate action was required.
The report also includes a list of areas for improvement identified by the audits, notably improving training and ensuring effective data protection governance is in place.
John-Pierre Lamb, ICO manager in the Good Practice team, believes that the improvements noted via the audit would help those that they visited but also “prove helpful to many local authorities.”
He said: “The types of breaches we’re seeing are fairly consistent, with personal information being disclosed in error and lost or stolen paperwork and hardware prevalent.
“It’s clear that there’s room for improvement, and not just by the local authorities we visited: the areas for improvement we identified in those visits should prove helpful to many local authorities.
“By learning from the mistakes of others, and indeed learning from the examples of good practice we found, local authorities will improve their compliance with the law, and be less likely to find the regulator knocking on their door.”
Tell us what you think – have your say below or email [email protected]