Data protection: council staff seek more advice after new rules introduced
The number of requests for advice about data protection issues from staff at Lancashire County Council has more than doubled this year.
Employees asked for help from the authority’s information governance team on almost 9,500 occasions in the nine months up to the start of October - compared to just over 4,000 requests during the whole of 2017.
New European Union rules governing data protection were introduced in May and it recently emerged that there was a spike in suspected data breaches at the council between April and June.
Out of 98 incidents in total, seven of them had to be reported to the Information Commissioner's Office (ICO), which investigates cases where the “rights and freedoms” of individuals are threatened as the result of a breach.
But figures over the next three months showed the number of ICO referrals fell to two and the authority’s internal auditors have recently given the highest rating to the council’s compliance with data protection rules.
A meeting of the audit, risk and governance committee heard that a specialist team at the council had “pulled out all the stops in terms of helping colleagues across the organisation”.
New training has been introduced for staff, which has been completed by three quarters of people working for the authority.
But committee member Tony Martin wanted to know “where the buck stops” if breaches are made by organisations which are not controlled by the council, but may use data supplied by it - including the Lancashire Pension Partnership (LPP).
Debbie Bonser, the council’s information governance manager, said the LPP was classed as a data controller and so had “accepted liability” under data protection legislation.
The committee heard that regular meetings take place with the council’s major suppliers and partners, including BT Lancashire Services, to ensure compliance with the relevant regulations.