An Information Commissioner’s Office (ICO) audit of 17 UK Police forces found just one of these met the criteria to receive the highest rating for data protection compliance.
From April 2013 to April 2014, the Office examined the Police forces, auditing them in order to compile a report of good practice and areas for improvement.
The majority (10) of forces received the “reasonable assurance” level for overall data protection, six were in the “limited assurance” category and none were rated “very limited assurance.”
The overall assurance ratings are broken down into different areas of data protection during the audit process. These are: data protection governance, records management, requests for personal data, security of personal data, training and awareness, and data sharing.
Police forces scored poorly in the areas of security of personal data and training and awareness – no constabularies received the high assurance rating for these.
However, the Police forces involved claimed they were going to use the feedback they received from the audits to improve.
“Data protection has a higher profile and staff are more aware of the importance of data protection. I found the audit informative and very beneficial. Lessons have been learnt and action taken to improve our compliance,” said one participant recorded in the report.
In the document, the ICO makes a number of recommendations for best practice, including self-assessment/assurance tools being in place to enhance information governance.
The organisation also recommends the implementation of a records management team with responsibility for all of a force’s electronic records.
The ICO stresses the importance of training in the data protection, information security and records management areas.