• Councils 'not taking data security seriously enough'

    A culture that does not take information governance seriously is among the issues facing many councils

    A culture that does not take information governance seriously is among the issues facing many councils

    A culture that does not take information governance seriously is among the issues facing many councils

    • Local councils throughout the UK are not devoting enough resources to data security and the protection of sensitive details, an official at the Information Commissioner's Office (ICO0 has warned.

      John-Pierre Lamb, who leads one of three audit teams in the ICO, told Public Technology, said a common problem is that staff are not adequately trained on how to keep sensitive data safe.

      This is despite the fact that resources to assist with this are relatively cheap and easy to implement, and councils that do suffer a breach run the risk of fines of up to £500,000.

      Indeed, more than £2.3 million in penalties have been issued to councils by the ICO since 2010, when the organisation was first handed these powers.

      Mr Lamb said there are several challenges facing councils when it comes to information governance. For example, resources are a challenge, as many local authorities are under financial pressure as a result of budget cuts.

      Another issue is that senior personnel are still working in a culture that does not take accountability and responsibility for data protection seriously. This attitude can cause problems, even when councils do have strong information governance teams.

      "Sometimes information governance teams are sidelined, and not really integrated into the organisation," Mr Lamb stated. "Even a very good data protection manager with a good data protection officer is going to struggle in that sort of environment. That is an issue we frequently find."

      The sheer volume and variety of information local authorities are required to handle can also create difficulties. This is a particularly big issue for councils that work from offices across wide geographic areas.

      "When you add the diversity of geography, methods, functions and feeds, that all makes records management much harder and councils struggle," Mr Lamb said.

      He noted that a large number of councils have not done a thorough record management audit and do not have a proper information assets register, leaving them unaware of all the records they hold and what must be done to protect them.