
Council faces enforcement notice over failure to roll out data protection training

The Information Commissioner has issued an enforcement notice against Medway Council over its failure to continue to roll out mandatory data protection training.

The ICO had carried out a consensual audit of the local authority in October 2014, but this only provided ‘limited assurance’.

The watchdog’s report recommended – amongst other things – that mandatory data protection training should be given to all staff and there be regular refresher training which is monitored.

The ICO carried out a ‘follow-up’ audit in June 2015. Although this found that mandatory data protection training had been implemented, the watchdog advised Medway to continue to roll out the training.



The ICO then carried out a further investigation into Medway’s compliance with the Data Protection Act following two security breaches.

The watchdog said the council had “failed to take adequate steps to ensure that mandatory data protection training has been rolled out, as advised”.

The ICO said it was satisfied Medway had contravened the Seventh Data Protection Principle in that it had failed to take appropriate organisational measures against the unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

The enforcement notice requires the council within six months to take steps to ensure that:

  1. There is a mandatory data protection training programme for staff and refresher training at least every two years. Delivery of the training should be tailored to reflect the needs of the staff following a training needs analysis; and
  2. Completion of any such training is monitored and properly documented.

A copy of the enforcement notice can be viewed here.

A Medway Council spokesperson said: “We are committed to providing high standards of data security and will implement the Information Commissioner’s recent recommendations to further improve the tailoring, monitoring and recording of the mandatory training.”

 
