Keith Dewar 10 October 2017

Getting ready for new data laws

Getting ready for new data laws image

We have witnessed a sharp decline in public trust across all sectors. Every year, the Edelman Trust Barometer surveys tens of thousands of people across the globe about their level of trust in business, media, government and NGOs. This year was the first time the study found a decline in trust across all four institutions. In fact, the majority of respondents from the UK (60%) believe that these institutions have failed them.

As processors of large amounts of personal data – much of it sensitive information – local authorities must maintain the highest standards if they are to retain and indeed regain public trust. With the upcoming General Data Protection Regulation (GDPR), and the recent announcement that a new Data Protection Bill will transfer GDPR into UK law, local authorities need to be on the front foot to ensure they are fully compliant. Especially because for the majority of the population, their engagement and interaction with government is at a local level.

The new legislation has been designed to put control of personal data firmly back into the hands of the citizen. These changes provide all organisations, and particularly local government bodies, with an unmissable opportunity to improve and strengthen public trust.

One of the first steps to ensure compliance is to review the organisation’s Privacy Policy. A good policy clearly sets out how an organisation collects, stores and uses personal information or data. It should be freely available to the public and easy to access and written in clear, plain language.

To help local councils prepare for GDPR, MyLife Digital and Civica Digital analysed the Privacy Policies of 137 local authorities to see how they comply with the incoming regulations. The analysis shows that good practice is out there. But there are some areas of concern and many councils still have work to do before May 2018, when the regulations become law.

The research identified gaps in compliance using a benchmark combining rulings of the Information Commissioner’s Office (ICO) from 2016 and the forthcoming requirements of GDPR. In fact, there were nine specific criteria against which we measured the 137 local authorities.

The findings include:

• 28% of authorities still do not have a privacy policy easily located online.
• 34% do not clearly mention the collection of personal data.
• 38% do not mention how data will be used.

Improvements need to be made. The ICO confirmed that 10% of all data protection concerns received in 2015 related to local authorities. They also released a report following the Local Government Information Governance Survey in March 2017 stating a quarter of councils don’t have a data protection officer, a mandatory requirement for public authorities under GDPR, 15% do not have data protection training for employees who process personal data and a third don’t do privacy impact assessments.

Nearly all (98%) of privacy policies did not clearly mention any profiling from the use of personal data. With data driving so many decisions about the provision of services and/or resources, the public have a right to be concerned about how their personal data could be used.

Local authorities should be explicit about how personal data is used and what decisions are derived from the analysis of such data. Especially if personal data is combined with other publicly available information.

Another concern identified was that many councils have no data sharing policy – which the ICO confi rmed at 37%. This is despite the increasing need to share data for effective delivery of services, often carried out by outsourced third parties or other Government departments. For example, a local authority shares information with the Department of Work and Pensions to process a pensioner’s application for housing benefit. The ICO has produced helpful guidance for local government in the form of a local authority information sharing and data protection checklist.

Three-quarters (74%) of the privacy policies we reviewed failed to give details of how long data is kept on record. The current regulation and guidance from the ICO says data should be retained for ‘no longer than is necessary for the purpose you obtained it for’. It is essential that local authorities consider how long data will be retained, and can show consideration has been given and documented.

Other elements researched include contact details for the data controller and how data is collected. Both areas that will be enforced under GDPR.

Of course – as with any new regulations – becoming compliant is inevitably going to involve some increase to work, time and cost. Yet, if done in the right way, the opportunity it creates to strengthen trust and to deliver shared value will outweigh these issues.

Now is the time not just to protect your local authority, but to go a step further to deepen public trust.

Keith Dewar is group marketing and product director at MyLife Digital

This feature first appeared in Local Government News magazine - click here for your free copy.

For your free daily news bulletin
Highways jobs

Senior Project Manager

Leicestershire County Council
Up to £50,823 per annum
The role of this post is to oversee the project management, development and implementation of the County Council’s Major Transport Projects.. Leicestershire
Recuriter: Leicestershire County Council

Programme and Change Delivery Manager (Spatial Planning and Urban Design)

London Borough of Richmond upon Thames and London Borough of Wandsworth
£43,833 - £53,115 Depending on skills and experience
Are you a change delivery manager with expertise in England’s local government spatial planning and urban design sector? Wandsworth, London (Greater)
Recuriter: London Borough of Richmond upon Thames and London Borough of Wandsworth

Early Years Practitioner

The Royal Borough of Kensington & Chelsea Council
£26,544 - £30,618 per annum pro rata
This is a diverse area and we have high aspirations for all our children, starting with... Kensington and Chelsea, London (Greater)
Recuriter: The Royal Borough of Kensington & Chelsea Council

Programme Manager - Association of Directors of Children’s Services

City of York Council
£50,000 to £60,000 pa
This role will help to shape an annual SLI work plan and variously oversee, facilitate, commission or directly deliver and... York, North Yorkshire
Recuriter: City of York Council

School Wellbeing Worker

City of York Council
£27,614 to £30,602 per annum
The role will involve providing schools with consultation and advice, training, direct work in... York, North Yorkshire
Recuriter: City of York Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue