30.05.14
ICO critical of Wolverhampton Council data security
Wolverhampton City Council has been ordered to provide adequate data protection training to its staff, following a series of failures.
The Information Commissioner’s Office (ICO) said it was taking the enforcement action following a series of warnings dating back over two years.
ICO’s action comes after an investigation into a data breach at the council that occurred in January 2012. The breach was caused when a social worker, who had not received data protection training, sent out a report to a former service user detailing their time in care. However, the social worker failed to remove highly sensitive information about the recipient’s sister that should not have been included.
However, in late December 2011, just before the breach, the ICO had completed an audit with the council, where it recommended the council should introduce a data protection policy, explaining how people’s information should be kept secure. It also recommended the council should provide mandatory staff training so that the policy was followed.
The policy was introduced in May 2013 with mandatory training for all staff scheduled to be completed by the end of February this year. However, the ICO has discovered the council has failed to meet this deadline with two thirds of the council’s staff (68%) still having not undertaken the training. The council must now make sure the training is provided to all staff within 50 days, or the matter will be treated as contempt of court.
Stephen Eckersley, ICO head of enforcement, said: “The lack of urgency displayed by Wolverhampton City Council is startling. Over two years ago, we reviewed the council’s practices and highlighted the need for guidance and mandatory training to help its staff keep residents’ information secure.
“Despite numerous warnings the council has failed to act, with over two thirds of its staff still remaining untrained. We have taken positive steps and acted before this situation is allowed to continue any longer and more people’s personal information is lost.”
Wolverhampton City Council told PSE: “The council accepts the findings in the ICO’s report. Over the last year, employees have been undertaking compulsory data protection training and we are on track to meet the ICO’s deadline to complete this.
“This is one of a number of significant measures we have put in place to improve the council’s Information Governance service since the ICO’s audit in 2011.”
Tell us what you think – have your say below or email [email protected]