Council must act on data
Out-of-date information is still being stored by council departments, and a review is needed to comply with data protection law, a report says.
Telford and Wrekin audit and governance team leader Rob Montgomery adds that there were “breaches and potential near-misses in respect to personal data” last year.
His Annual Governance Statement 2018-19 will go before the borough’s cabinet and audit committee next week, and includes an action plan for the rest of the current year.
This promises “a review of all records and information stored”, with “secure disposals” if needed, and information governance training for staff.
Councils are legally required to produce such a statement every year.
“The Annual Governance Statement and the Local Code of Good Governance outline that the council has a robust governance framework in place but that it is continually reviewing procedures to maintain and demonstrate good corporate governance,” Mr Montgomery writes.
“It is supported by risk management and sound systems of internal control which are paramount in these continuing times of financial constraint.”
An appendix to the report lists findings from the previous year, and recommendations and remedial action in 2019-20.
It says: “The annual governance certification process highlighted that service areas are aware they are storing old and out-of-date records and need to review the documents they are storing, both in operational buildings and the storage unit at Stafford Park.”
This is intended to comply with the 2018 Data Protection Act, the UK law that implements the EU’s General Data Protection Regulation.
Like the 1998 Data Protection Act that proceeded it, this requires that personal data should be accurate, up-to-date and not held for longer than necessary.
The action plan says: “There should be a review of all records and information stored and secure disposals made, where appropriate.”
Another finding says: “The results of the annual governance certification process has highlighted that service areas have experienced data breaches and potential near-misses in respect to personal data.
“Where data breaches have been experienced, these have been reported to the Information Governance Team and managers have changed processes and procedures, where possible, based on lessons learned to prevent similar breaches occurring.”
The action plan says all staff should complete appropriate information governance training and be aware of breach procedures.
Mr Montgomery’s report will go before Telford and Wrekin Council’s newly-appointed cabinet on Thursday, May 30, and the Audit Committee later the same day.