Cambridgeshire warned to improve data protection

Written by Colin Marrs on 11 August 2016 in News
News

Cambridgeshire County Council has been warned that it could be breaching the law because it cannot currently delete records held on its children, family and adults systems.

The Information Commissioner’s Office has given the authority a “limited assurance” assessment on existing arrangements and warned it to improve its arrangements to ensure full compliance with the Data Protection Act.

Its report identified a number of areas for improvement, despite listing a number of areas of good practice.

Its report said: “It was reported that client records held on children, family and adults’ systems cannot be deleted.

“Keeping records indefinitely is not good practice and it is likely that CCC is breaching the Data Protection Act by doing so.”

The ICO report also said that Cambridgeshire does not have any formal procedures in place to routinely review the quality of personal information that is shared under existing data sharing agreements (DSAs).

It said: “Retention periods for shared data are outlined within DSAs, however CCC do not currently undertake any checks to provide assurances that these retention periods are being adhered to in practice. “There is also no requirement for parties involved in sharing arrangements to report any data security incidents or breaches to CCC.”

In addition, at the time of the ICO audit, less than half of staff had completed a security e-learning module.

There was also no detailed guidance, documented processes or formal training available for information governance officers who handle requests.

However, areas of good practice include guidance on the council’s website on how to make a subject access request, as well as various leaflets describing how users’ information will be used.

Cambridgeshire is also part of the Cambridgeshire and Peterborough Information Sharing Partnership which has created the Cambridgeshire and Peterborough Information Sharing Framework.

The ICO said: “The framework comprises of high level principles that all the partners sign up to when they are sharing information.”

The council's corporate information governance policy is benchmarked to ISO 27001 requirements.

Share this page

Tags

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Letter from Australia: how the government got serious on cybersecurity
10 July 2020

CyberArk, our sponsor for PublicTechnology Cyber Week, writes about how industry and government are working together to meet Australia’s cyber challenges

Scottish public sector warned of increased fraud risk
10 July 2020

Auditors uncover £15m in fraud and errors and urge vigilance against dangers posed by pandemic

Coronavirus has been a boon for cybercriminals
9 July 2020

Fake online shops, malware, phishing emails and ransomware attacks on hospitals have been among the scams perpetrated by bad actors during the pandemic

Related Sponsored Articles

Interview: CyberArk EMEA chief on how government has become a security leader
29 May 2020

PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right