In an audit of 16 councils last year that included an overall “assurance rating,” no authority received the high assurance that they were complying with data protection law.
Six authorities were told that there was much improvement needed and one received a warning that urgent, immediate action was necessary.
“The ICO has levied monetary penalties to local authorities for the most serious breaches of the data protection principles totally over £2.3m,” claimed John-Pierre Lamb, the organisation’s group manager in the good practice team.
“The types of breaches we’re seeing as fairly consistent, with personal information being disclosed in error and lost or stolen paperwork and hardware prevalent,” he added.
The ICO report identifies a list of areas for improvement in its report, such as improving training and ensuring effective data protection governance is in place.
The organisation also listed example of the good practice it found during the audits in areas including information security and records management.
“It’s clear that there’s room for improvement and not just by the local authorities we visited: the areas for improvement we identified in those visit should prove helpful to many local authorities,” claimed Lamb.
“By learning from the mistakes of others and indeed learning from the example of good practice we found, local authorities will improve their compliance with the law and be less likely to find the regulator knocking on their door,” he added.