Redbridge Council told to improve data protection training and governance

Written by Rebecca Hill on 31 August 2016 in News
News

The Information Commissioner’s Office has said that London Borough of Redbridge Council needs to make considerable improvements to its data protection practices.

Redbridge Council says it is acting on the ICO's recommendations - Photo credit: Flickr, diamond geezer

The ICO carried out an audit of the council’s processing of personal data earlier this year, and found that there was a “limited level of assurance” that processes for data protection compliance are in place.

“The audit has identified considerable scope for improvement in existing arrangements to reduce the risk of non-compliance with the Data Protection Act,” the conclusion stated.


Related content

ICO stresses the importance of data protection post-Brexit
Do you know the right class for your data?


The audit looked at three areas: training and awareness of data protection requirements, the security of personal data and the procedures in place to recognise and respond to requests for access to personal data.

The ICO found that the overall corporate subject access compliance rate for 2015 was 49%, which it deemed “unacceptably low”. This, it added, was “in clear contrast to the reported 85% freedom of information compliance for the same period”.

The report said that a lack of centralised logging and reporting was a contributory factor – something that the council has since improved. In a statement sent to PublicTechnology in response to the audit report, Redbridge Council said that subject access requests now stand at 85%.

“We take our responsibilities in relation to information governance very seriously and we have a robust process for dealing with incidents and complaints,” the council statement added.

The council was also told to create key performance indicators that establish targets for data protection training completion, which the council said had already been done.

Meanwhile, it said that there was a “robust plan” in place to tackle the other areas identified for improvement.

These included better analysis of data protection training needs, with the council saying that an analysis matrix was being developed and would be agreed on in October, and the need to undertake Privacy Impact Assessments for new systems that require the processing of personal data.

The audit had also called for the council to appoint an information security officer, but the council response said that this role was currently being undertaken by the head of IT operations.

Redbridge council added that the audit was conducted during “a period of significant transformational change” – the council appointed a new chief executive, Andy Donald, earlier this year and is due to have a new top team on the corporate side by the autumn.

In a recent interview with PublicTechnology, the incoming director of corporate strategy, Simon Parker, said that there was “bags of ambition” at the council, adding that it was “a borough that’s about to go places”.

Share this page

Tags

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Comments

Des Ward (not verified)

Submitted on 31 August, 2016 - 16:05
Worth looking at ASIRTA from The Common Framework as it helps establish a councils obligations re Data handling

Related Articles

Conservative manifesto: five tech takeaways
9 December 2019

Rounding up the Tories’ key pledges in the area of digital and data, including a new cybercrime force and tax incentives for investments in cloud computing

Election 2019: Which party has most to say on digital, data and technology?
10 December 2019

Examining the language of each party’s manifesto reveals significant differences in the amount and focus of proposals related to technology and data policy – as well as in the wider themes of each...

Related Sponsored Articles

Three best-practice measures in the event of a data breach
3 December 2019

To have the best chance of an effective response and a full recovery, organisations should have a robust incident response strategy in place, says BT 

How to take control of your network
26 November 2019

We hear from BT about why delivering a great customer experience depends on your network visibility 

The future of voice: how to successfully transform your legacy voice estate
19 November 2019

Organisations are increasingly having to replace their legacy voice infrastructure as traditional analogue and ISDN lines are being phased out. BT talk about how they can help the transition...

Case Study: Cryptocurrency, connectivity and the cloud
12 November 2019

BT presents findings from cryptocurrency firm Gemini on how they're providing customers with direct connectivity thanks to the Radianz network