Local authorities are failing to achieve the highest standard for compliance with the Data Protection Act, according to a new report.
An audit of 16 councils, conducted by the Information Commissioner’s Office (ICO), found that none received ‘high assurance’ that they were complying with data protection law.
The data watchdog is warning there is ‘clear room for improvement’ in the way local authorities comply with the law, with £2.3m in fines already issued for serious breaches.
Of those audited, six councils were told they had considerable room for improvement, with one needing to take immediate action.
John-Pierre Lamb, ICO group manager in the good practice team, said: ‘The types of breaches we’re seeing are fairly consistent, with personal information being disclosed in error and lost or stolen paperwork and hardware prevalent.
‘It’s clear that there’s room for improvement, and not just by the local authorities we visited: the areas for improvement we identified in those visits should prove helpful to many local authorities.
‘By learning from the mistakes of others, and indeed learning from the examples of good practice we found, local authorities will improve their compliance with the law, and be less likely to find the regulator knocking on their door.’
The report outlines areas for improvement in data protection governance and training, but also highlights good practice in information security and records management.
The ICO has previously issued a data breach training order to Wolverhampton City Council and fined Glasgow City Council £150,000 following the loss of two unencrypted laptops.