COUNCIL bosses are to appeal a damning condemnation of their inability to train staff in “basic” data protection.
Last month, the Information Commissioner’s Office (ICO) issued an enforcement notice after West Dunbartonshire Council dragged their heels for three years.
And while they stalled, a child’s adoption papers were stolen in July 2014 – something the council immediately told the ICO.
Nearly two years on, the council was given six months to train all staff on data protection and refresher training every year.
But now council bosses have appealed to the First-Tier Tribunal and the process will drag on even further.
According to corporate services committee papers earlier this month, between October 1, 2015 and March 31, 2016 there were three sessions on data protection, ICT security and fraud awareness training with 39 people attending.
There were 5,818 employees in total at the local authority as of the end of December 2015.
A council spokeswoman told the Post: “We accepted the data breach and referred ourselves to the Information Commissioner as soon as it had taken place. We will be appealing the terms of the enforcement notice.”
Cllr Jonathan McColl, leader of SNP WDC opposition
Jonathan McColl, leader of the SNP opposition on the council, hit out at the decision to appeal.
He said: “I am extremely concerned about the apparent lack of action on West Dunbartonshire Council’s part, but more so about the dismissive manner in which council seem to be treating this issue.
“I raised this at the highest levels of the council weeks ago when the story broke in the press and the response I got from officers was to attack the assistant Information Commissioner for Scotland and rubbish his concerns. There seems to be a difference of opinion over the interpretation of a ‘home’ worker as oppose to someone who works ‘flexibly’ i.e. sometimes from home but mainly office based.
“What I want to be sure of is whether we have the policies and training in place for anyone who has to take home personal information to minimise the risk of that information being accessed by unauthorised persons.
“As convener of the council’s audit committee, I have written to Ken Macdonald with a copy of our officers’ written response for his comments and I have also instructed that this issue be the subject of a full report to the audit committee on June 8.”
Ken Macdonald, Assistant Information Commissioner for Scotland, said in April the “basic requirement” of training to protect data wasn’t happening and they had “no choice” to issue an enforcement notice. The council faces court action if they were to breach the notice.
On July 21, 2014 the council reported a data breach to the ICO when an employee had a bag with private information stolen.
The worker had details of an adoption case out of the office to work on from home but the laptop and paperwork left in their car overnight were stolen.
In a statement, the ICO explained: “An ICO investigation found the employee had not been given training on the Data Protection Act, and the council still had no guidance to staff on handling personal information at home. The council avoided a fine as the breach did not cause substantial damage or distress.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules hereComments are closed on this article