01 September 2014
Compliance with the Data Protection Act by local authorities still needs clear improvement, according to the ICO.
A report of 16 local authorities audited by the Information Commissioner’s Office (ICO) has highlighted the need for better training and effective data protection governance.
The 16 local authority audits included an overall ‘assurance rating’ but none received high assurance that they were complying with data protection law. Six were told they had considerable room for improvement, while one was warned that immediate action was required.
The ICO has levied penalties for the most serious breaches of data protection totalling over £2.3 million.
ICO Group Manager in the Good Practice team, John-Pierre Lamb said: ‘The types of breaches we’re seeing are fairly consistent, with personal information being disclosed in error and lost or stolen paperwork and hardware prevalent.‘We recognise that councils are having ‘to do more with less’ due to on-going budgetary pressures, but it is important to appreciate that the lack of effective governance structures and training programmes significantly increases the risk of serious breaches of the DPA.’