|Personal data disclosed on the council’s intranet in error.
|A spreadsheet containing details of individuals who had not signed a new employment contract was wrongly appended to a review document for general access on the intranet, rather than being added separately as a restricted item. The ICO investigation revealed that data protection and information security training for those with access to personal data had not been mandatory and that the policies on handling personal data were incomplete.
ActionUndertaking to comply with the seventh data protection principle.
|26 November 2013.
|The Council will review and revise its data protection policies and ensure existing staff have appropriate training by 31 December 2013. All new staff whose roles involve access to personal data will receive training as soon as they begin their employment at the Council. Compliance with these policies and the training will be regularly monitored and enforced.