Information Commissioner's Office raps city council over data breaches
The managing director of Wolverhampton City Council has been ordered to sign a commitment to improve staff data-protection training after recent incidents in which sensitive employee information were inadvertently disclosed
A report from the Information Commissioner’s Office said that in November last year payroll data relating to almost 10,000 people had been wrongly disclosed to a third party because of an e-mail “oversight”.
It said that at the beginning of this year personal information about staff at 73 educational establishments had been wrongly disclosed in similar circumstances.
The ICO's report into the security lapses said investigators found the council “does not have a reliable method of monitoring the completion of refresher training” in relation to data-protection.
The joint undertaking signed by ICO head of enforcement Stephen Eckersley and Wolverhampton City Council managing director Keith Ireland commits the council to introduce mechanisms to deal with the shortcomings by the end of the year.
It says: “The data controller (Ireland) shall devise and implement a system to ensure that completion of data protection training is monitored and that procedures are in place to ensure that staff who have not completed training within the specified time period do so promptly. This should be completed within three months.
“The data controller shall ensure that all staff handling personal data receive data protection training and that this training is refreshed at regular intervals, not exceeding two years. The data controller should ensure that all staff that handle sensitive personal data regularly, receive refresher training within six months of the date of this undertaking.”
Eckersley’s report said he was satisfied that the terms of a 2014 enforcement notice handed down to Wolverhampton had been complied with.
Chair of arm’s-length body praises government response but identifies lower payments for recipients of legacy benefits as one of several ‘rough edges’
Department tasks Russell Reynolds Associates with helping bring on board new permanent secretary
Minister discusses need for new training campus and greater use of data in evaluation of projects
Experts from councils and industry partners discuss the key benefits and challenges to consider if local authorities are to reap the rewards of sharing services
PublicTechnology talks to Rich Turner about why organisations need to adopt a ‘risk-based approach’ to security – but first make sure they get the basics right
CyberArk's David Higgins explores the cyber risks of hiring independent contractors
HPE shows why organisations are increasingly seeking to understand and consider the environmental impacts of their IT purchasing decisions
HPE makes the case for hybrid cloud services to transform and enhance relationships with citizens...