Wolverhampton City Council has been ordered to train staff in data protection after showing a ‘startling’ lack of urgency over information security.
According to LG News:
The enforcement action issued by the Information Commissioner’s Office (ICO) follows a string of warnings issued by inspectors dating back over two years.
Wolverhampton will now have to ensure adequate data protection training is provided to all staff within 50 days or the issue will be treated as contempt of court.
An ICO audit undertaken with the council in late 2011 recommended the provision of mandatory staff training on information security. This policy was introduced in May 2013, with instruction for all employees to be completed by the end of February this year.
However, subsequent investigation revealed over two thirds of employees have still not undertaken the training.
‘The lack of urgency displayed by Wolverhampton City Council is startling,’ ICO head of enforcement, Stephen Eckersley, said.
‘Over two years ago, we reviewed the council’s practices and highlighted the need for guidance and mandatory training to help its staff keep residents’ information secure.
‘Despite numerous warnings the council has failed to act, with over two thirds of its staff still remaining untrained. We have taken positive steps and acted before this situation is allowed to continue any longer and more people’s personal information is lost.’
A spokesperson from Wolverhampton said: ‘The council accepts the findings in the ICO report. Over the last year, employees have been undertaking compulsory data protection training and we are on track to meet the ICO’s deadline to complete this.
‘This is one of a number of significant measures we have put in place to improve the council’s Information Governance service since the ICO’s audit in 2011.’