PublicTechnology

County council ‘at risk of losing data’

Colin Marrs July 16, 2014 in Uncategorised Tagged , - 2 Minutes

Worcestershire County Council is at “substantial risk” of failing to ensure proper data protection, according to an inspection report.

The Information Commissioner’s Office carried out a data protection audit in the wake of an incident in November 2011 where sensitive personal data was mistakenly released to the wrong parties.

The ICO has now concluded that there is only a “very limited assurance” that processes are in place to deliver data protection compliance.

Its report said: “The audit has  identified a substantial risk that the objective of data  protection compliance will not be achieved. Immediate action is required to improve the control environment.”

The audit revealed some areas of good practice, including mandatory data protection online training modules for all staff.

But it said that the council had no formal information governance structure in place, although a senior information risk owner has recently been appointed.

The ICO said that the council should appoint and train information asset owners and develop a comprehensive information asset register.

“This should identify all information assets held (both paper and electronic), detail owners of these assets and risk assess the threats to those assets,” it said.

This register should be maintained centrally by a named owner and updated at least annually.

According to the audit, responsibility for information governance is split between individuals in a number of different departments.

In addition, policy documents relating to data protection and information governance are “either not being regularly reviewed or, where reviews are taking place, records of these reviews are not being maintained”.

Some of the current policies do not identify key roles in relation to IG or describe key responsibilities, it added.

The ICO recommended the introduction of privacy impact assessments which should be embedded into project development and system design processes.

The council, according to the report, does not have a standard log  or maintain a log of information sharing agreements.

The ICO recommended that Worcestershire should apply monitoring and disposal arrangements for projects that involve sharing data with other organisations.

Nobody from the council was available to comment on the report at the time of publication.

Related Posts

Scotland’s top tech adviser grilled by MSPs over ‘colossal’ salary
January 13, 2023
Critics call for insider-trading probe into Braverman emails
November 4, 2022
Public sector websites mark the death of the Queen
September 9, 2022

Colin Marrs

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter Signup
Processing...
Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter
ErrorHere