Warnings over data protection following Dorset breaches
Two have been reported to the Information Commissioner
Concerns have been raised over Dorset Council’s compliance with the way it protects data.
Cllr Mike Parkes says the authority had two breaches in February which had to be reported to Information Commissioner and staff training levels in the area had been going down – not up.
He told a committee meeting on Monday that less than half the staff who needed training for data protection had completed the mandatory training.
“It was at 47 per cent compliance when we are looking for 100 per cent of this mandatory training being completed. It then dropped to 29 per cent in January and then in February was 27per cent, so we were still on a downward trend,” he told the audit and governance committee.
Council officers told the meeting that it was accepted there was more worked needed to promote the training, but said some of the figures were low because the training targets were re-set annually and then gradually built up again.
Councillors were told that there had been a de-briefing around the two data breaches which had happened and senior staff had looked to see if there were lessons to be learned.
Said Cllr Parkes: “It still concerns me. Even prior to this we were looking at levels of between 60 or 70 per cent compliance. It just doesn’t seem good enough.”
Committee chair Cllr Matt Hall described the issue as an important one and said there was a need for more assurance from the council’s senior leadership team that the training issue was being addressed “and addressed at some pace.”
“If we are, as we are today, saying in a public meeting that our staff are supposed to be doing mandatory training and they’re not, we need to have more assurances that this is being addressed…I would really like to see something coming forward to the next committee to say what we are doing, as a council, to address this issue, with some timelines….we have got to be moving in a better way than we appear to be,” said Cllr Hall.
Portland councillor Sue Cocking said that she would also like to see figures about how many councillors had achieved the training, which is also compulsory.
“We are more than capable of a data breach by forwarding an email, or something like that. If the staff are being held accountable, we also need to as accountable as the staff,” she said.