Keith Dewar 10 October 2017

Getting ready for new data laws

Getting ready for new data laws image

We have witnessed a sharp decline in public trust across all sectors. Every year, the Edelman Trust Barometer surveys tens of thousands of people across the globe about their level of trust in business, media, government and NGOs. This year was the first time the study found a decline in trust across all four institutions. In fact, the majority of respondents from the UK (60%) believe that these institutions have failed them.

As processors of large amounts of personal data – much of it sensitive information – local authorities must maintain the highest standards if they are to retain and indeed regain public trust. With the upcoming General Data Protection Regulation (GDPR), and the recent announcement that a new Data Protection Bill will transfer GDPR into UK law, local authorities need to be on the front foot to ensure they are fully compliant. Especially because for the majority of the population, their engagement and interaction with government is at a local level.

The new legislation has been designed to put control of personal data firmly back into the hands of the citizen. These changes provide all organisations, and particularly local government bodies, with an unmissable opportunity to improve and strengthen public trust.

One of the first steps to ensure compliance is to review the organisation’s Privacy Policy. A good policy clearly sets out how an organisation collects, stores and uses personal information or data. It should be freely available to the public and easy to access and written in clear, plain language.

To help local councils prepare for GDPR, MyLife Digital and Civica Digital analysed the Privacy Policies of 137 local authorities to see how they comply with the incoming regulations. The analysis shows that good practice is out there. But there are some areas of concern and many councils still have work to do before May 2018, when the regulations become law.

The research identified gaps in compliance using a benchmark combining rulings of the Information Commissioner’s Office (ICO) from 2016 and the forthcoming requirements of GDPR. In fact, there were nine specific criteria against which we measured the 137 local authorities.

The findings include:

• 28% of authorities still do not have a privacy policy easily located online.
• 34% do not clearly mention the collection of personal data.
• 38% do not mention how data will be used.

Improvements need to be made. The ICO confirmed that 10% of all data protection concerns received in 2015 related to local authorities. They also released a report following the Local Government Information Governance Survey in March 2017 stating a quarter of councils don’t have a data protection officer, a mandatory requirement for public authorities under GDPR, 15% do not have data protection training for employees who process personal data and a third don’t do privacy impact assessments.

Nearly all (98%) of privacy policies did not clearly mention any profiling from the use of personal data. With data driving so many decisions about the provision of services and/or resources, the public have a right to be concerned about how their personal data could be used.

Local authorities should be explicit about how personal data is used and what decisions are derived from the analysis of such data. Especially if personal data is combined with other publicly available information.

Another concern identified was that many councils have no data sharing policy – which the ICO confi rmed at 37%. This is despite the increasing need to share data for effective delivery of services, often carried out by outsourced third parties or other Government departments. For example, a local authority shares information with the Department of Work and Pensions to process a pensioner’s application for housing benefit. The ICO has produced helpful guidance for local government in the form of a local authority information sharing and data protection checklist.

Three-quarters (74%) of the privacy policies we reviewed failed to give details of how long data is kept on record. The current regulation and guidance from the ICO says data should be retained for ‘no longer than is necessary for the purpose you obtained it for’. It is essential that local authorities consider how long data will be retained, and can show consideration has been given and documented.

Other elements researched include contact details for the data controller and how data is collected. Both areas that will be enforced under GDPR.

Of course – as with any new regulations – becoming compliant is inevitably going to involve some increase to work, time and cost. Yet, if done in the right way, the opportunity it creates to strengthen trust and to deliver shared value will outweigh these issues.

Now is the time not just to protect your local authority, but to go a step further to deepen public trust.

Keith Dewar is group marketing and product director at MyLife Digital

This feature first appeared in Local Government News magazine - click here for your free copy.

Redefining the shape of local government image

Redefining the shape of local government

With the new authorities of East Suffolk and West Suffolk launching from next month, what final hurdles do the councils face in coming together? Neil Merrick reports.
Understanding chatbots image

Understanding chatbots

Julian Mead calls for an open and informed discussion around the use of chatbots in local government.
Highways jobs

Change Lead, Adult Social Care & Health

London Borough of Bexley
£41,205 - £48,069
We are currently seeking an experienced Change Lead to work on our Adult Social Care Services’ transformation programme. Bexleyheath, London (Greater)
Recuriter: London Borough of Bexley

Deputy Team Manager

Brent Council
£41,847 - £44,691 p.a. inc.
An exciting opportunity has arisen in the Hospital Discharge Team (HDT) for an experienced Social Worker. Wembley, London (Greater)
Recuriter: Brent Council

Highways Estimator

Competitive Salary
As the Highways Estimator you will join a busy environment and become an integral part of the team. Hounslow (London Borough), London (Greater)
Recuriter: Ringway

Joint Strategic Director of Commissioning 

West Sussex County Council
circa £130,000 per annum
The post holder will be able to demonstrate an understanding and embrace the opportunity to address the health... West Sussex
Recuriter: West Sussex County Council

Head of Lifelong Services

West Sussex County Council
up to £85,000 per annum
The Head of Lifelong Services will lead and deliver a new, co-produced, integrated and whole life approach and service working with people... West Sussex
Recuriter: West Sussex County Council

Local Government News

Latest issue - Local Goverrnemnt News

The December issue of Local Government News looks at the consequences a council may face if it is unable to provide statutory services, the launch of Liverpool’s housing company and how councils can best manage roles in local authority companies.

It also has a special section on green building and energy efficiency including what funding is available to enable councils to deliver heat networks and how councils can pay for ‘smart buildings’.

Register for your free magazine