Information Commissioner's Office
ICO orders Welsh council to improve on data protection
The ICO has ordered Anglesey County Council to improve its data protection practices after it repeatedly failed to address security and privacy issues.
Two separate security incidents as far back as 2011 led to the council signing undertakings to make changes and improve practices. But despite committing to the improvements, audit visits in July 2013 and October 2014 still found unresolved problems with the security of personal data.
Anne Jones, Assistant Commissioner for Wales said:
“It is not acceptable for an organisation to disregard the findings of audits or to fail to deliver promised improvements. Anglesey Council has not provided sufficient evidence to show it has implemented our recommendations to the standards we would expect.
“Put simply, the ICO lacks confidence in Anglesey County Council’s commitment to having the measures in place that are needed to keep people’s personal data secure. This enforcement notice puts an additional legal requirement on them to do so.”
The enforcement notice orders the council to put in place mandatory data protection training for all staff, maintain a records management policy and ensure appropriate controls are in place when staff leave the organisation.
It is a breach of the seventh Data Protection Principle to fail to take appropriate security measures against the unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO is onTwitter, FacebookandLinkedIn. Read more in the ICO blogand e-newsletter.Our Press Office page provides more information for journalists.
- Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
Latest News from
Information Commissioner's Office
Blog: Providing practical data protection guidance to the media sector13/10/2021 14:25:00
A blog by Elizabeth Denham, Information Commissioner
ICO response to DCMS consultation “Data: a new direction”07/10/2021 12:20:00
Foreword from Elizabeth Denham CBE, UK Information Commissioner.
Statement on mandatory vaccination and COVID status check schemes ahead of their introduction in Scotland and Wales29/09/2021 14:10:00
The UK Information Commissioner, Elizabeth Denham, commented ahead of the introduction of mandatory vaccination and COVID status checks in Scotland and Wales
Statement in response to use of ICO corporate charge card28/09/2021 15:20:00
An ICO spokesperson released a statement in response to use of ICO corporate charge card
Statement in response to use of ICO corporate charge card27/09/2021 16:43:00
Statement given in response to use of ICO corporate charge card.
International progress for domestic benefit: why the ICO convened a G7 meeting on data flows20/09/2021 16:15:00
A blog by Elizabeth Denham, UK Information Commissioner
We Buy Any Car, Sports Direct and Saga fined £495,000 after sending millions of ‘frustrating and intrusive’ nuisance messages.15/09/2021 13:20:00
The ICO has today announced fines totalling £495,000 to well-known companies that between them sent more than 354 million nuisance messages.
Blog: Sharing personal data in an emergency – a guide for universities and colleges15/09/2021 09:15:00
A blog by Viv Adams, Principal Policy Adviser in the ICO Parliament and Government Affairs team
G7 data protection and privacy authorities’ meeting: communiqué13/09/2021 09:10:00
The UK Information Commissioner’s Office (ICO) brought together data protection and privacy authorities from G7 countries, as well as guests from the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), for a discussion this week on shared emerging challenges that need closer international collaboration.