ICO finds fault with some of town hall’s data practices but say holes in system are being rectified

Islington Gazette: Cllr Andy HullCllr Andy Hull (Image: Dieter Perry)

Credit card details given to Islington Council have been recorded against regulations, according to a report by the Information Commissioner’s Office (ICO).

The town hall invited the ICO to review its data handling policies back in February after three serious data breaches in the space of a year, one of which lead to a 70,000 fine.

In a report published last month, the ICO found that call recording – which should have been disabled when residents were giving their bank details – had been left on.

Other criticisms of the council’s practices include the fact that new starters or temporary workers were given access to Adult Social Services data without completing the proper training and that the system for responding to service access requests needed improvement.

The ICO did however say that systems were already in place with a view to solving these problems and praised the council’s new training systems and its “robust, fit-for-purpose ICT infrastructure” – with the visit giving inspectors “reasonable assurance” over the town hall’s practices.

The report found: “Customer call recording is in operation in the Contact Centre and recordings are kept for one year, in line with the council’s retention policy.

“However, call recording is not disabled when service users provide payment card details, which is a breach of the Payment Card Industry (PCI) accreditation requirements.

“However, a project is currently underway to address this issue.”

The town hall’s data breach spree started in April 2012 when they released the details of residents living on the Andover Estate to drug takers they were complaining about. Three months later they published details, including sexuality, of more than 2,000 council home applicants.

Cllr Andy Hull, the council’s executive member for finance and performance, said: “Applying the best and most up-to-date practice is crucial to ensure that the data we hold is kept safe and secure. So, when we were offered the opportunity of an audit of our systems and procedures by the Information Commissioner’s Office, we were happy to accept. The result has been positive, with the Council awarded ‘Yellow’ status, putting it in the second highest of four possible categories.

“During the Information Commissioner’s audit, a few areas were highlighted for development, as expected. Many of the Commissioner’s recommendations have now been implemented and we are working towards the completion of the rest.

“All our residents, customers and service users can be confident that the data we hold is stored and handled securely.”