Kent County Council (KCC) has been advised to improve its data protection training after an audit revealed that only 65% of staff had received mandatory coaching.
An investigation by the Information Commissioner’s Office (ICO) found that, overall, there was a reasonable level of assurance that the council had procedures in place to deliver data protection compliance.
However, the information watchdog found there was some room for improvement in the council’s education of its staff.
Its report said: “The most recent IG e-learning completion statistics provided for the purposes of the audit showed that only 65% of staff had completed this mandatory training.
“Data protection related training needs have not been regularly assessed for all staff groups with access to personal data or for those with specific data handling and security management responsibilities.
“There is no formal process to follow-up non-completion of data protection related training within services.”
In addition, the ICO said that KCC was not confident that all routine data sharing was supported by formal guidance.
But it said: “At the time of the audit, KCC was consulting on improvements to its data sharing standard operating procedure and a draft copy of its proposed replacement SOP was provided for review.”
On the positive side, the ICO said “it was encouraging to hear” that all staff within the Swale office Integrated Family Services had completed the records management e-learning training as mandatory induction training, despite not being mandatory for all staff corporately.
Overall, the council had a suite of policies, procedures and guidance to assist staff with data sharing, the watchdog said.