Stoke Council shows 'reasonable' compliance on data protection

Following an audit conducted by The Information Commissioner's Office (ICO), Stoke on Trent City Council has been found to have "reasonable" compliance with data protection legislation.

The local authority consensually agreed to an audit of the way it processes personal data and an introductory teleconference was held in November last year.

During this introduction the ICO and the council agreed that the audit would focus on data protection governance, training and awareness and security of personal data.

The overall conclusion was that Stoke on Trent demonstrates "reasonable assurance" that its processes and procedures are in place and are delivering data protection compliance.

The local authority was found to demonstrate good practice by ensuring all new employees are booked onto a data protection awareness course within six weeks of joining the organisation.

This training is delivered desk-side on a one-to-one basis and training must be retaken if the employee is not registered properly.

ICO claims that the council is constantly reviewing its data protection training based on feedback from delegates and its CRM provider is ISO27001 accredited.

Its agile workers are also equipped with laptops that have appropriate security measures in place.

The areas in which Stoke on Trent could improve on include periodical review of council contracts that provide access to personal data, locking down on writable CD/DVD drives on desktop machines, the implementation of an Information Asset Register and the implementation of the Privacy Impact Assessment procedure.

Stoke happy with results

"We are pleased that the audit found 'reasonable assurance' that we are complying with our obligations. This is second on scale of four assurance levels," a statement on the local authority's website claims.

"We note from the ICO's published audits that only two other local authorities have achieved this rating in the last six months.

"There were recommendations from the audit and again we were pleased to see that none of these showed any failure to meet statutory requirements, showing that the council is meeting its legal obligations in this area.

"Even so, there is always room for improvement and we have accepted the ICO's recommendations to improve current processes," it adds.