14.06.17
Medway told to roll out data protection training urgently by ICO
A council has this week been given an enforcement notice to urgently improve the data protection training it offers to staff in a bid to tighten up standards.
Medway Council in Kent has been given six months to roll out mandatory data protection training to its staff by regulator the ICO, and has also been told to provide refresher training every two years.
The ICO specified that delivery of the training should be tailored to reflect the needs of the staff following a training needs analysis.
The council was originally told to roll out the training in October 2014, but a recent follow-up report by auditors found that the authority had not taken the necessary steps required to ensure that the training was being enforced.
“We’ve told this council several times they need to improve their data protection training for staff. They’ve not taken this action on board so we’ve been forced to issue this enforcement notice,” said Sally Anne Poole, ICO enforcement manager.
“Councils often deal with sensitive personal information so it’s vital that all staff know what they need to about data protection. With a new data protection law coming into force next May, now is the time when councils should be checking their training is up to scratch.”
And a Medway spokesperson told PSE: “We are committed to providing high standards of data security and will implement the ICO’s recent recommendations to further improve the tailoring, monitoring and recording of the mandatory training.”
The notice comes a day after a different council, Gloucester City, was fined £100,000 after a cyber-attack exposed its staff’s sensitive information to the hacker.
Have you got a story to tell? Would you like to become a PSE columnist? If so, click here.