From the ICO:
The Information Commissioner’s Office (ICO) has ordered Wolverhampton City Council to provide adequate data protection training for its staff following a series of warnings dating back over two years.
The enforcement action follows an investigation into a data breach at the council that occurred in January 2012. The breach was caused when a social worker, who had not received data protection training, sent out a report to a former service user detailing their time in care. However, the social worker failed to remove highly sensitive information about the recipient’s sister that should not have been included.
On 20 December 2011, just before the breach, the ICO had completed an audit with the council. The audit recommended the council introduce a data protection policy, explaining how people’s information should be kept secure. It also recommended the council should provide mandatory staff training so that the policy was followed.
The policy was introduced in May 2013 with mandatory training for all staff scheduled to be completed by the end of February this year. However, the ICO has discovered the council has failed to meet this deadline with two thirds of the council’s staff (68%) still having not undertaken the training.
The council must now make sure the training is provided to all staff within 50 days, or the matter will be treated as contempt of court.
ICO Head of Enforcement, Stephen Eckersley, said:
“The lack of urgency displayed by Wolverhampton City Council is startling. Over two years ago, we reviewed the council’s practices and highlighted the need for guidance and mandatory training to help its staff keep residents’ information secure.
“Despite numerous warnings the council has failed to act, with over two thirds of its staff still remaining untrained. We have taken positive steps and acted before this situation is allowed to continue any longer and more people’s personal information is lost.”
View a PDF of the Wolverhampton Council enforcement notice
Note: Other incidents involving Wolverhampton that have been reported on this blog are linked from here.