Latest Public Sector News


Councils must improve data protection compliance – ICO

The Information Commissioner’s Office (ICO) has published a report which highlights the ‘need for improvement’ in how local authorities comply with data protection laws. Reports Abigail Lillicrap.

ICO processed16 local authority audits last year and none of them achieved high assurance in their ‘overall assurance rating’ for data protection. This has been noted as an area in need of improvement for local authorities, as well as the need to focus on effective training.

However, none of the local authorities were named in the report.

The Data Protection Act was introduced to regulate the use and processing of personal data. Anyone who has access to personal data must comply with eight principles, in order to keep the information lawful and secure.

The principles are:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

Following the ICO audits, six councils were told they had considerable room for improvement, while one was warned that immediate action was required.

The report also includes a list of areas for improvement identified by the audits, notably improving training and ensuring effective data protection governance is in place.

John-Pierre Lamb, ICO manager in the Good Practice team, believes that the improvements noted via the audit would help those that they visited but also “prove helpful to many local authorities.”

He said: “The types of breaches we’re seeing are fairly consistent, with personal information being disclosed in error and lost or stolen paperwork and hardware prevalent.

“It’s clear that there’s room for improvement, and not just by the local authorities we visited: the areas for improvement we identified in those visits should prove helpful to many local authorities.

“By learning from the mistakes of others, and indeed learning from the examples of good practice we found, local authorities will improve their compliance with the law, and be less likely to find the regulator knocking on their door.”

Tell us what you think – have your say below or email [email protected]


Johnar   27/08/2014 at 19:59

It is about time things were tightened up. I have seen a few ways that data compliance has been literally steamrollered through. I saw personal details sent to people in error (data that showed financial information and address details. A judge at a tribunal had to ask for the information to be destroyed, but it was too late. I actually had experience of a CEOs computer full of data go missing. Although advice was given to contact Police, the advice was ignored....... This was all about avoiding the issues (regardless of what eventually emerged). Scandalous. This - and all at one Council that spent £1.4m keeping staff quiet.

Add your comment

public sector executive tv

more videos >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been the r more > more last word articles >

public sector focus

View all News


Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >
How community-led initiatives can help save the housing shortage

19/06/2019How community-led initiatives can help save the housing shortage

Tom Chance, director at the National Community Land Trust Network, argues t... more >


Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need ... more >