Town Hall

Information Commissioner's Audit

Islington Council’s practices for handling personal information were audited by the Information Commissioner’s Office (ICO) in early 2015.

Our customers, service users and residents need to be confident that their personal and sensitive information is properly safeguarded, and so continuous improvement in this area is a council priority.

Like many public bodies, we have reported several data breaches to the ICO in recent years, so we willingly accepted the Commissioner’s offer to conduct an audit. We saw this as an opportunity to help us reflect on our current practices and suggest areas for further development.

Following this audit, the ICO, which is responsible for promoting and enforcing compliance with the Data Protection Act, has given Islington a Yellow (‘reasonable assurance’) rating – which is the second highest category and the rating that is most consistently given to local authorities which have been audited in recent years.

There were several areas of good practice highlighted in the audit, including:

  • Our development of a robust, fit-for-purpose ICT infrastructure
  • Our use of mandatory online training for all staff with access to the IT system
  • Our clear policies on handling data breaches or IT security incidents (including near misses)
  • Our development of a Cloud policy to guide those considering using cloud-based storage or applications

Many of the recommendations for improvement contained in the report have already been implemented. In addition, we have agreed to complete other actions such as:

  • Continue to embed Information Asset Registers to ensure that senior managers have a complete overview of information risk across the council 
  • Develop an e-learning training module for new starters and locums working in Adult Social Services
  • Standardise processes and guidance for dealing with Subject Access Requests
  • Comply with Payment Card Industry guidelines on how card data is stored. A project is underway to address this issue
  • Progress will be monitored by the Corporate Director of Finance, who is Islington’s Senior Information Risk Officer, a statutory position. We will make a progress report to the Information Commissioner in approximately six months’ time
Was this information helpful?
  1. Please select