Thursday, November 21, 2013

Oh Dear! Anglesey's Ad-Hoc Data Protection System

During the summer of 2013, the Information Commissioner's Office (ICO) swept into the offices of Anglesey County Council to investigate its policies and procedures for handling personal data.

Whilst this was notionally an audit undertaken with the authority's consent, such audits are generally a marker of ineffective systems and are triggered by significant failings.

From the uninsurable, flood-plain built offices of Anglesey: inadequate data protection systems.

Anglesey does not have a happy DPA history. Its Chief Executive, Richard Parry Jones, has signed two undertakings (2012 edition here) in as many years to improve matters.

None of this seems to have led to any changes.

In a report dated October 2013, the ICO found:

  • No corporate training system for data protection
  • No defined corporate staff structure for data protection handling
  • "Inappropriate" systems for storing and securing personal data

The Executive Summary of the report can be read below: