Keith Dewar 10 October 2017

Getting ready for new data laws

Getting ready for new data laws image

We have witnessed a sharp decline in public trust across all sectors. Every year, the Edelman Trust Barometer surveys tens of thousands of people across the globe about their level of trust in business, media, government and NGOs. This year was the first time the study found a decline in trust across all four institutions. In fact, the majority of respondents from the UK (60%) believe that these institutions have failed them.

As processors of large amounts of personal data – much of it sensitive information – local authorities must maintain the highest standards if they are to retain and indeed regain public trust. With the upcoming General Data Protection Regulation (GDPR), and the recent announcement that a new Data Protection Bill will transfer GDPR into UK law, local authorities need to be on the front foot to ensure they are fully compliant. Especially because for the majority of the population, their engagement and interaction with government is at a local level.

The new legislation has been designed to put control of personal data firmly back into the hands of the citizen. These changes provide all organisations, and particularly local government bodies, with an unmissable opportunity to improve and strengthen public trust.

One of the first steps to ensure compliance is to review the organisation’s Privacy Policy. A good policy clearly sets out how an organisation collects, stores and uses personal information or data. It should be freely available to the public and easy to access and written in clear, plain language.

To help local councils prepare for GDPR, MyLife Digital and Civica Digital analysed the Privacy Policies of 137 local authorities to see how they comply with the incoming regulations. The analysis shows that good practice is out there. But there are some areas of concern and many councils still have work to do before May 2018, when the regulations become law.

The research identified gaps in compliance using a benchmark combining rulings of the Information Commissioner’s Office (ICO) from 2016 and the forthcoming requirements of GDPR. In fact, there were nine specific criteria against which we measured the 137 local authorities.

The findings include:

• 28% of authorities still do not have a privacy policy easily located online.
• 34% do not clearly mention the collection of personal data.
• 38% do not mention how data will be used.

Improvements need to be made. The ICO confirmed that 10% of all data protection concerns received in 2015 related to local authorities. They also released a report following the Local Government Information Governance Survey in March 2017 stating a quarter of councils don’t have a data protection officer, a mandatory requirement for public authorities under GDPR, 15% do not have data protection training for employees who process personal data and a third don’t do privacy impact assessments.

Nearly all (98%) of privacy policies did not clearly mention any profiling from the use of personal data. With data driving so many decisions about the provision of services and/or resources, the public have a right to be concerned about how their personal data could be used.

Local authorities should be explicit about how personal data is used and what decisions are derived from the analysis of such data. Especially if personal data is combined with other publicly available information.

Another concern identified was that many councils have no data sharing policy – which the ICO confi rmed at 37%. This is despite the increasing need to share data for effective delivery of services, often carried out by outsourced third parties or other Government departments. For example, a local authority shares information with the Department of Work and Pensions to process a pensioner’s application for housing benefit. The ICO has produced helpful guidance for local government in the form of a local authority information sharing and data protection checklist.

Three-quarters (74%) of the privacy policies we reviewed failed to give details of how long data is kept on record. The current regulation and guidance from the ICO says data should be retained for ‘no longer than is necessary for the purpose you obtained it for’. It is essential that local authorities consider how long data will be retained, and can show consideration has been given and documented.

Other elements researched include contact details for the data controller and how data is collected. Both areas that will be enforced under GDPR.

Of course – as with any new regulations – becoming compliant is inevitably going to involve some increase to work, time and cost. Yet, if done in the right way, the opportunity it creates to strengthen trust and to deliver shared value will outweigh these issues.

Now is the time not just to protect your local authority, but to go a step further to deepen public trust.

Keith Dewar is group marketing and product director at MyLife Digital

This feature first appeared in Local Government News magazine - click here for your free copy.

Highways jobs

Director, Governance and Improvement

City of York Council
£85-95k plus relocation package
We are looking for an exceptional individual to be appointed to the position of Director of Governance and Improvement. York, North Yorkshire
Recuriter: City of York Council

Casual Cleaning Assistant

Chelmsford City Council
Grade 2 - Currently £9.00 per hour
It's exciting times at Riverside Leisure Centre with a brand-new centre opening in June 2019 and we need you to get on board and help us make this ... Chelmsford, Essex
Recuriter: Chelmsford City Council

Senior Team Leader

Redbridge London Borough Council
£35,992 to £38,994 per annum inclusive
Looking for individuals with initiative, evidence of experience in managing a street cleansing service and motivating... Redbridge, London (Greater)
Recuriter: Redbridge London Borough Council

Junior Service Desk Analyst

Chelmsford City Council
Full Time, 37 Hours, 12 Month Fixed Term Contract
We are seeking an enthusiastic, adaptable and proactive analyst to join our Service Desk team to provide customer focused first line IT technical s... Chelmsford, Essex
Recuriter: Chelmsford City Council

Part Time Receptionist

Chelmsford City Council
Grade 3 - Starting at £17,931 per annum, pro rata and rising to £19,131 per annum, pro rata
Join our friendly team welcoming our customers to the South Woodham Ferrers Leisure Centre. You will be flexible, self-motivated and able to deal c... Chelmsford, Essex
Recuriter: Chelmsford City Council

Local Government News

Latest issue - Local Goverrnemnt News

The March issue of Local Government News explores alternative funding channels that are available to councils beyond the Public Works Loan Board, what hurdles merging councils face in coming together, and how local government is handling GDPR.

This issue also has a special highways and street lighting section exploring how councils can use lighting to embark on their smart city journey and using IoT technology to weather the storm.

Register for your free magazine