ICO slams Council's 'startling' data security policy, threatens court order

By Danny Palmer
30 May 2014

The Information Commissioner's Office (ICO) has criticised Wolverhampton Council's "startling" approach to data security.

It comes after the council was previously warned it must take better care of people's sensitive information following an ICO investigation into a data breach which occurred in January 2012.

A council worker, who had not received any sort of data protection training, sent out a report containing sensitive information that should have been removed.

The breach occurred despite previous warnings from the ICO over a two-year period, including one which followed an audit in December 2011, just one month before the data breach. The ICO had recommended the council introduce a mandatory data protection policy which explained how data should be stored securely.

However, the policy wasn't introduced until March 2013 and the ICO has found that to date, more than two thirds of Wolverhampton Council staff still haven't undertaken mandatory data protection training.

But rather than punish the council with a fine, the ICO has instead chosen to issue an enforcement order which demands all remaining staff be trained in data protection in the next 50 days, otherwise the matter will be treated as contempt of court.

"The lack of urgency displayed by Wolverhampton City Council is startling," said ICO head of enforcement Stephen Eckersley.

"Over two years ago, we reviewed the council's practices and highlighted the need for guidance and mandatory training to help its staff keep residents' information secure.

"Despite numerous warnings the council has failed to act, with over two thirds of its staff still remaining untrained," he continued. "We have taken positive steps and acted before this situation is allowed to continue any longer and more people's personal information is lost."

Wolverhampton Council has issued a statement indicating that it accepts the findings of the ICO report.

"Over the past year, employees have been undertaking compulsory data protection training and we are on track to meet the ICO's deadline to complete this," it said.

"This is one of a number of significant measures we have put in place to improve the council's information governance service since the ICO's audit in 2011," the statement added.
