Latest Public Sector News

30.05.14

ICO critical of Wolverhampton Council data security

Wolverhampton City Council has been ordered to provide adequate data protection training to its staff, following a series of failures. 

The Information Commissioner’s Office (ICO) said it was taking the enforcement action following a series of warnings dating back over two years. 

ICO’s action comes after an investigation into a data breach at the council that occurred in January 2012. The breach was caused when a social worker, who had not received data protection training, sent out a report to a former service user detailing their time in care. However, the social worker failed to remove highly sensitive information about the recipient’s sister that should not have been included. 

However, in late December 2011, just before the breach, the ICO had completed an audit with the council, where it recommended the council should introduce a data protection policy, explaining how people’s information should be kept secure. It also recommended the council should provide mandatory staff training so that the policy was followed. 

The policy was introduced in May 2013 with mandatory training for all staff scheduled to be completed by the end of February this year. However, the ICO has discovered the council has failed to meet this deadline with two thirds of the council’s staff (68%) still having not undertaken the training. The council must now make sure the training is provided to all staff within 50 days, or the matter will be treated as contempt of court. 

Stephen Eckersley, ICO head of enforcement, said: “The lack of urgency displayed by Wolverhampton City Council is startling. Over two years ago, we reviewed the council’s practices and highlighted the need for guidance and mandatory training to help its staff keep residents’ information secure. 

“Despite numerous warnings the council has failed to act, with over two thirds of its staff still remaining untrained. We have taken positive steps and acted before this situation is allowed to continue any longer and more people’s personal information is lost.” 

Wolverhampton City Council told PSE: “The council accepts the findings in the ICO’s report. Over the last year, employees have been undertaking compulsory data protection training and we are on track to meet the ICO’s deadline to complete this. 

“This is one of a number of significant measures we have put in place to improve the council’s Information Governance service since the ICO’s audit in 2011.” 

Tell us what you think – have your say below or email [email protected]

Comments

There are no comments. Why not be the first?

Add your comment

related

public sector executive tv

more videos >

last word

Prevention: Investing for the future

Prevention: Investing for the future

Rob Whiteman, CEO at the Chartered Institute of Public Finance (CIPFA), discusses the benefits of long-term preventative investment. Rising demand, reducing resource – this has been the r more > more last word articles >

public sector focus

View all News

comment

Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >
How community-led initiatives can help save the housing shortage

19/06/2019How community-led initiatives can help save the housing shortage

Tom Chance, director at the National Community Land Trust Network, argues t... more >

interviews

Artificial intelligence: the devil is in the data

17/12/2018Artificial intelligence: the devil is in the data

It’s no secret that the public sector and its service providers need ... more >