Keith Dewar 10 October 2017

Getting ready for new data laws

Getting ready for new data laws image

We have witnessed a sharp decline in public trust across all sectors. Every year, the Edelman Trust Barometer surveys tens of thousands of people across the globe about their level of trust in business, media, government and NGOs. This year was the first time the study found a decline in trust across all four institutions. In fact, the majority of respondents from the UK (60%) believe that these institutions have failed them.

As processors of large amounts of personal data – much of it sensitive information – local authorities must maintain the highest standards if they are to retain and indeed regain public trust. With the upcoming General Data Protection Regulation (GDPR), and the recent announcement that a new Data Protection Bill will transfer GDPR into UK law, local authorities need to be on the front foot to ensure they are fully compliant. Especially because for the majority of the population, their engagement and interaction with government is at a local level.

The new legislation has been designed to put control of personal data firmly back into the hands of the citizen. These changes provide all organisations, and particularly local government bodies, with an unmissable opportunity to improve and strengthen public trust.

One of the first steps to ensure compliance is to review the organisation’s Privacy Policy. A good policy clearly sets out how an organisation collects, stores and uses personal information or data. It should be freely available to the public and easy to access and written in clear, plain language.

To help local councils prepare for GDPR, MyLife Digital and Civica Digital analysed the Privacy Policies of 137 local authorities to see how they comply with the incoming regulations. The analysis shows that good practice is out there. But there are some areas of concern and many councils still have work to do before May 2018, when the regulations become law.

The research identified gaps in compliance using a benchmark combining rulings of the Information Commissioner’s Office (ICO) from 2016 and the forthcoming requirements of GDPR. In fact, there were nine specific criteria against which we measured the 137 local authorities.

The findings include:

• 28% of authorities still do not have a privacy policy easily located online.
• 34% do not clearly mention the collection of personal data.
• 38% do not mention how data will be used.

Improvements need to be made. The ICO confirmed that 10% of all data protection concerns received in 2015 related to local authorities. They also released a report following the Local Government Information Governance Survey in March 2017 stating a quarter of councils don’t have a data protection officer, a mandatory requirement for public authorities under GDPR, 15% do not have data protection training for employees who process personal data and a third don’t do privacy impact assessments.

Nearly all (98%) of privacy policies did not clearly mention any profiling from the use of personal data. With data driving so many decisions about the provision of services and/or resources, the public have a right to be concerned about how their personal data could be used.

Local authorities should be explicit about how personal data is used and what decisions are derived from the analysis of such data. Especially if personal data is combined with other publicly available information.

Another concern identified was that many councils have no data sharing policy – which the ICO confi rmed at 37%. This is despite the increasing need to share data for effective delivery of services, often carried out by outsourced third parties or other Government departments. For example, a local authority shares information with the Department of Work and Pensions to process a pensioner’s application for housing benefit. The ICO has produced helpful guidance for local government in the form of a local authority information sharing and data protection checklist.

Three-quarters (74%) of the privacy policies we reviewed failed to give details of how long data is kept on record. The current regulation and guidance from the ICO says data should be retained for ‘no longer than is necessary for the purpose you obtained it for’. It is essential that local authorities consider how long data will be retained, and can show consideration has been given and documented.

Other elements researched include contact details for the data controller and how data is collected. Both areas that will be enforced under GDPR.

Of course – as with any new regulations – becoming compliant is inevitably going to involve some increase to work, time and cost. Yet, if done in the right way, the opportunity it creates to strengthen trust and to deliver shared value will outweigh these issues.

Now is the time not just to protect your local authority, but to go a step further to deepen public trust.

Keith Dewar is group marketing and product director at MyLife Digital

This feature first appeared in Local Government News magazine - click here for your free copy.

Restoring the glory days of the British seaside image

Restoring the glory days of the British seaside

The traditional seaside resort is having a hard time, new figures on bankruptcies show. But experts say a combination of support and greater freedom could turn them around, as Mark Whitehead found out.
Highways jobs

Senior Manager – Older Adults – Residential Care

Cumbria County Council
£68,709 - £71,218
This pivotal role requires leadership and management of the Council's twenty in house Residential Care services Carlisle, Cumbria
Recuriter: Cumbria County Council

Education, Health and Care (EHC) Co-ordinators

Buckinghamshire Council
£30,874 - £37,188 per annum
Interested in a career as an EHC Coordinator? Come along to our drop-in event to meet members of the SEND team and find out more about the role! England, Buckinghamshire, Aylesbury
Recuriter: Buckinghamshire Council

Junior Analyst

Essex County Council
£24001.0 - £27270 per annum
This opportunity is on a 12-month, fixed term basis. Working hours are Monday to Friday, 37 hours per week. Our Data & Analytics service is evolving, England, Essex, Chelmsford
Recuriter: Essex County Council

Contract Monitoring Officer (Streets and Grounds)

Wiltshire Council
£24,313 - £26,317 per annum
This is an interesting and varied role involving inspecting and monitoring the condition of the highway Wiltshire
Recuriter: Wiltshire Council

Child and Family Support Worker - Children in Care

Essex County Council
In ECC we are "Serious about Social Work". Having recently won the Best Social Work Employer of the Year Award 2018 and been awarded 'Outstanding' by England, Essex, Colchester
Recuriter: Essex County Council

Local Government News

Latest issue - Local Goverrnemnt News

This issue of Local Government News explores how councils can tackle modern slavery and trafficking in their supply chains, finds out more about Cambridge's first cohousing scheme and the launch of a new project to build a shared service pattern library for local government.

This issue also contains a special focus on children's services and how councils are protecting children following local safeguarding children boards being abolished.

Register for your free magazine