Information Commissioner's Office raps city council over data breaches

Written by Jim Dunton on 14 June 2016 in News

The managing director of Wolverhampton City Council has been ordered to sign a commitment to improve staff data-protection training after recent incidents in which sensitive employee information were inadvertently disclosed

A report from the Information Commissioner’s Office said that in November last year payroll data relating to almost 10,000 people had been wrongly disclosed to a third party because of an e-mail “oversight”. 

It said that at the beginning of this year personal information about staff at 73 educational establishments had been wrongly disclosed in similar circumstances. 

Related content

Councils sidelining information governance teams, says ICO official

ICO slams Wolverhampton over data security 

The ICO's report into the security lapses said investigators found the council “does not have a reliable method of monitoring the completion of refresher training” in relation to data-protection. 

The joint undertaking signed by ICO head of enforcement Stephen Eckersley and Wolverhampton City Council managing director Keith Ireland commits the council to introduce mechanisms to deal with the shortcomings by the end of the year. 

It says: “The data controller (Ireland) shall devise and implement a system to ensure that completion of data protection training is monitored and that procedures are in place to ensure that staff who have not completed training within the specified time period do so promptly. This should be completed within three months.

“The data controller shall ensure that all staff handling personal data receive data protection training and that this training is refreshed at regular intervals, not exceeding two years. The data controller should ensure that all staff that handle sensitive personal data regularly, receive refresher training within six months of the date of this undertaking.”

Eckersley’s report said he was satisfied that the terms of a 2014 enforcement notice handed down to Wolverhampton had been complied with.

Share this page




Please login to post a comment or register for a free account.

Related Articles

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Ex-intelligence chief ‘appalled’ at ministers’ use of private messages
1 June 2023

Former GCHQ and Home Office leader David Omand expresses disapproval of use of WhatsApp and other platforms for government business

Consultation reveals widespread opposition to proposed data-sharing laws for government login system
26 May 2023

Overwhelming majority of respondents voice disapproval but government will press on with plans to bring forward legislation

MoD seeks senior exec to boost ‘cyber awareness, behaviours and culture’ across defence sector
23 May 2023

Role comes with a remit to work with current and former military personnel, as well as officials and commercial suppliers

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...