London Borough of Tower Hamlets has “considerable scope for improvement” in its data handling, according to an audit by the Information Commissioner’s Office.
An inspection by the watchdog resulted in the council receiving a “limited level of assurance” rating for data protection compliance.
The assessment gave a reasonable assurance rating for the security of personal data, and two limited assurance assessments relating to records management and requests for personal data.
The ICO report said: “The council should make greater use of its internal audit function to independently review the effectiveness of policies and procedures concerning IG, data protection, IT security and records management.”
These reports should be routinely made available for review and consideration at information governance group meetings.
The ICO recommended further development of the council’s information asset register to enable manual records to be identified and linked to existing databases.
In addition, arrangements around starters, movers and leavers would benefit from being enhanced, the report said.
“Procedures should be implemented to ensure human resources provide a regular list of these staff to the IT service desk, social care IT and facilities management and spot checks should be performed to ensure procedures are working satisfactorily,” it said.
And it called for a single council-wide process for collection, storage and disposal of confidential waste “which will help provide assurance that waste is being managed securely”.
The report praised other aspects of the council’s approach to data, saying that key staff are in place, and that it has produced an accessible booklet explaining its information handling procedures and policy.
The council is also compliant with the Public Service Network’s code of connection requirements, and it also adheres to a number of standards relating to information security.
In response, Tower Hamlets said that, as a result of the inspection, it has established an action plan to integrate the suggested improvements with its existing work on information governance and data protection.
Chris Holme, acting director of resources said: “The audit was an opportunity for the council to have a fresh pair of eyes look at our working practices around information governance and it was an insightful exercise which will improve our procedures for the future.”