Islington Council recorded bank details against regulations
- Credit: Archant
ICO finds fault with some of town hall’s data practices but say holes in system are being rectified
Credit card details given to Islington Council have been recorded against regulations, according to a report by the Information Commissioner’s Office (ICO).
The town hall invited the ICO to review its data handling policies back in February after three serious data breaches in the space of a year, one of which lead to a 70,000 fine.
In a report published last month, the ICO found that call recording – which should have been disabled when residents were giving their bank details – had been left on.
Other criticisms of the council’s practices include the fact that new starters or temporary workers were given access to Adult Social Services data without completing the proper training and that the system for responding to service access requests needed improvement.
You may also want to watch:
The ICO did however say that systems were already in place with a view to solving these problems and praised the council’s new training systems and its “robust, fit-for-purpose ICT infrastructure” – with the visit giving inspectors “reasonable assurance” over the town hall’s practices.
The report found: “Customer call recording is in operation in the Contact Centre and recordings are kept for one year, in line with the council’s retention policy.
- 1 Reaction from winners of Islington by-elections
- 2 London elections 2021: Latest results as they come in live
- 3 900-year-old Farringdon market can continue despite opposition
- 4 'Massive stabbing' in Old Street: Man attacked outside Moorfields Hospital
- 5 Islington election hopeful faces trial on intimidation, cocaine and ABH charges
- 6 Labour's Sadiq Khan wins London mayoral election
- 7 Islington reports lowest coronavirus infection rate in London
- 8 Man, 70, charged with murder of Imani Allaway-Muir
- 9 St George's Day, Partners Islington, LTNs and Local Plan policy
- 10 Sharks and rooftop pavilions: Time for planning laws 'middle way'
“However, call recording is not disabled when service users provide payment card details, which is a breach of the Payment Card Industry (PCI) accreditation requirements.
“However, a project is currently underway to address this issue.”
The town hall’s data breach spree started in April 2012 when they released the details of residents living on the Andover Estate to drug takers they were complaining about. Three months later they published details, including sexuality, of more than 2,000 council home applicants.
Cllr Andy Hull, the council’s executive member for finance and performance, said: “Applying the best and most up-to-date practice is crucial to ensure that the data we hold is kept safe and secure. So, when we were offered the opportunity of an audit of our systems and procedures by the Information Commissioner’s Office, we were happy to accept. The result has been positive, with the Council awarded ‘Yellow’ status, putting it in the second highest of four possible categories.
“During the Information Commissioner’s audit, a few areas were highlighted for development, as expected. Many of the Commissioner’s recommendations have now been implemented and we are working towards the completion of the rest.
“All our residents, customers and service users can be confident that the data we hold is stored and handled securely.”