The MD has signed a commitment to improve standards of training in data protection following several incidents which resulted in employee information being leaked. The Information Commissioner’s Office has issued a report that states payroll data affecting 10,000 employees had been passed on to a third party and the mistake has been labelled an ‘oversight’.
The report has suggested that at the start of the year, information about staff working at 73 different educational institutions also had their personal information passed on. The report has suggested that the council does not have a good policy in place for monitoring the training of staff in data security.
The council has confirmed that it will have measures in place by the end of the year to ensure that breaches of this type can be minimised. The data controller has been tasked with creating and monitoring a system to ensure that the right training is delivered as and when needed. It is hoped that this system will be in place within a few months.
Data protection training should be delivered to all staff that are handling personal data, and no member of staff should go more than two years without refresher training. Those who are handling sensitive data should get refresher training within six months. The council was on the receiving end of an enforcement notice in 2014, and the report states that this had been complied with.