Islington Council recorded bank details against regulations
- Credit: Archant
ICO finds fault with some of town hall’s data practices but say holes in system are being rectified
Credit card details given to Islington Council have been recorded against regulations, according to a report by the Information Commissioner’s Office (ICO).
The town hall invited the ICO to review its data handling policies back in February after three serious data breaches in the space of a year, one of which lead to a 70,000 fine.
In a report published last month, the ICO found that call recording – which should have been disabled when residents were giving their bank details – had been left on.
Other criticisms of the council’s practices include the fact that new starters or temporary workers were given access to Adult Social Services data without completing the proper training and that the system for responding to service access requests needed improvement.
You may also want to watch:
The ICO did however say that systems were already in place with a view to solving these problems and praised the council’s new training systems and its “robust, fit-for-purpose ICT infrastructure” – with the visit giving inspectors “reasonable assurance” over the town hall’s practices.
The report found: “Customer call recording is in operation in the Contact Centre and recordings are kept for one year, in line with the council’s retention policy.
- 1 'Extreme' noise complaint as 150 gather for Islington party
- 2 Meet the owner of the Camden Passage shop window where nothing is for sale
- 3 Statue of Philip Noel-Baker replaced in Islington after 35 years
- 4 Elderly woman robbed of precious watch in daylight Finsbury Park incident
- 5 New pub opens in place of The Monarch in Chalk Farm Road
- 6 New Lidl to open in Finsbury Park's Arts Building next week
- 7 What do smoking and People Friendly Streets have in common?
- 8 'We can do better': Islington Society calls for rethink on Barnard Park plans
- 9 Two men jailed for life after double murder
- 10 Islington and Camden police chief to leave Met after 29 years
“However, call recording is not disabled when service users provide payment card details, which is a breach of the Payment Card Industry (PCI) accreditation requirements.
“However, a project is currently underway to address this issue.”
The town hall’s data breach spree started in April 2012 when they released the details of residents living on the Andover Estate to drug takers they were complaining about. Three months later they published details, including sexuality, of more than 2,000 council home applicants.
Cllr Andy Hull, the council’s executive member for finance and performance, said: “Applying the best and most up-to-date practice is crucial to ensure that the data we hold is kept safe and secure. So, when we were offered the opportunity of an audit of our systems and procedures by the Information Commissioner’s Office, we were happy to accept. The result has been positive, with the Council awarded ‘Yellow’ status, putting it in the second highest of four possible categories.
“During the Information Commissioner’s audit, a few areas were highlighted for development, as expected. Many of the Commissioner’s recommendations have now been implemented and we are working towards the completion of the rest.
“All our residents, customers and service users can be confident that the data we hold is stored and handled securely.”