Welsh council ordered to overhaul data protection policies

Anglesey County Council, in Wales, must improve its data protection practices after repeated security failings, according to a legal notice issued by the Information Commissioner’s Office (ICO).

The ICO concluded that despite the council committing to making necessary changes, very little had actually been done to improve things.

Anglesey signed undertakings to upgrade its cyber security after two breaches in 2011 and 2012. However, auditors visiting in July 2013 and October 2014 still found frailties around the council’s digital defence of personal data.

The ICO has issued the local authority with a nine-point plan to put in place robust new measures to improve its data protection procedures.

 

Key elements of the plan include:

  • creating a records management policy
  • providing mandatory data protection training for employees
  • improving data security around outgoing staff

 

Failure to ‘deliver promised improvements’

Anne Jones, Assistant Commissioner for Wales, commented: “It is not acceptable for an organisation to disregard the findings of audits or to fail to deliver promised improvements.

“Anglesey Council has not provided sufficient evidence to show it has implemented our recommendations to the standards we would expect.

“Put simply, the ICO lacks confidence in Anglesey County Council’s commitment to having the measures in place that are needed to keep people’s personal data secure. This enforcement notice puts an additional legal requirement on them to do so.”

 

Council ‘surprised’ to receive notice

The council issued a statement saying it had implemented more than 100 recommendations in the 12 months between its 2013 and 2014 audits and that the latter inspection had found “significant improvement”.

It stated: “Another 66 further recommendations were agreed in light of the re-audit in 2014 and to date the council has completed 22 actions. The council is surprised to receive the enforcement notice at this time and stage in its improvement.

“However, the council is currently considering the actions referred to in the enforcement notice and will continue to cooperate with the ICO to implement the work-plan.”
