Following an audit by the Information Commissioner’s Office (ICO) during September 2010, I am pleased to report that the council has been assessed as offering a reasonable level of assurance in our ability to meet our obligations to protect people’s personal information.
The audit followed an invitation to the ICO from the council to review our compliance with the Data Protection Act 1998 (DPA). The council had experienced two incidents involving data security lapses, which it had reported to the ICO.
As a result, actions have been taken by the council to consistently improve the handling of sensitive and personal data. These include:
- Mandatory information management training rolled out to all “Information Owners”
- Encryption of laptops and data sticks to prevent unauthorised access to data
- A review of processes for checking criminal records of staff and volunteers, and improvements to data security in relation to these
- Full risk assessments across all services, with improvement plans to ensure good information management, monitored through a strengthened Information Governance Group
These and other actions demonstrate the seriousness with which the council takes its data protection responsibilities. Further, through the audit process, the council wished both to seek assurance about the effectiveness of its processes, and to learn to improve further its management of potential risks.
An action plan following the audit has been agreed with the ICO. Implementation of this will be managed and monitored through the council’s Information Governance Group. The group’s representatives will continue to ensure that best practice is adopted, maintained and refreshed in all areas of our activities, to support further the embedding of DPA principles in the way we work.
Kim Ryley
Chief Executive