Channel eyes should bear on council data
This week's ICO audit report suggests a reseller opportunity around data protection
There is a clear channel opportunity in data protection emerging from this week's Information Commissioner's Office (ICO) audit of local authorities.
The 26 August report found that there are "areas of good practice, but clear room for improvement by all" in compliance with the Data Protection Act 1998 reflected by an audit of 16 councils, covering the period from January to December last year.
John-Pierre Lamb, group manager in the good practice team at the ICO, said it is seeing much the same types of breach over and over – suggesting clear areas for the channel to target with services and solutions.
"Our figures show that local authorities have much to do to improve data protection governance and training. We recognise that councils are having to do more with less due to ongoing budgetary pressures, but it is important to appreciate that the lack of effective governance structures and training programmes significantly increases the risk of serious breaches of the DPA," Lamb said.
Six per cent of the 16 exhibited "substantial risk of non-compliance" with the act with immediate action required, according to the report, while 38 per cent showed "considerable scope" for improvement.
None were completely satisfactory when it came to DPA compliance, it said.
The main six areas of assessment were data sharing; training and awareness; security of personal data; requests for personal data; records management; and data protection governance.
According to Lamb, personal information is being disclosed in error, while documentation and hardware loss and theft is also prevalent, he said. The total monetary penalties levied from local authorities "for the most serious breaches" came to £2.3m.
"By learning from the mistakes of others, and indeed learning from the examples of good practice we found, local authorities will improve their compliance with the law, and be less likely to find the regulator knocking on their door," Lamb said.
The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.