Information Commissioner's Office
Printable version E-mail this to a friend

Social housing organisations report: areas to improve, but also some good practice

A report published by the Information Commissioner’s Office (ICO) today has highlighted areas where social housing organisations should improve their compliance with the Data Protection Act.

The report is a summary of nine advisory visits and four audits carried out across the UK over the past three years. The visits found that organisations need to improve their policies and procedures regarding data sharing, data retention and homeworking. But the report also found good practice in areas such as encryption and the physical security of office buildings. Other improvements were also suggested in relation to secure printing and maintaining a records inventory.

Announcing the publication of the report John-Pierre Lamb, ICO Group Manager in the Good Practice team, said:

“Over 2 million people live in social housing organisation accommodation, many of them from vulnerable groups such as the disabled and the elderly. Social housing organisations have to handle vast amounts of sensitive personal information so it is critical they understand their responsibilities under the Data Protection Act.

“Our report uncovered areas where the sector needs to improve, including data sharing and retention, but also areas where good practice was evident such as physical security. Clear policies and procedures along with appropriate training and high staff awareness are the cornerstones of good data protection and will help prevent future breaches.”


Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

5. If you need more information, please contact the ICO press office on 0303 123 9070.

The Elder Interview Home First – success, progress and shaping future services