Skip to content

We use cookies on this site

If you don't want to accept cookies, you can change your preferences

Accept Manage cookies
  1. Home
  2. About the council
  3. Information governance
  4. Data protection

Share your feedback on the new website designs

We are redesigning the council website to make it easier for you to find support and access council services online.

We'd love your feedback on our new design ideas. Your feedback will help us decide which design works best for everyone.

Review the designs on a phone

Review the designs on a laptop, desktop or tablet

Town Hall icon

Information Commissioner's Audit

Islington Council’s practices for handling personal information were audited by the Information Commissioner’s Office (ICO) in early 2015.

Our customers, service users and residents need to be confident that their personal and sensitive information is properly safeguarded, and so continuous improvement in this area is a council priority.

Like many public bodies, we have reported several data breaches to the ICO in recent years, so we willingly accepted the Commissioner’s offer to conduct an audit. We saw this as an opportunity to help us reflect on our current practices and suggest areas for further development.

Following this audit, the ICO, which is responsible for promoting and enforcing compliance with the Data Protection Act, has given Islington a Yellow (‘reasonable assurance’) rating – which is the second highest category and the rating that is most consistently given to local authorities which have been audited in recent years.

There were several areas of good practice highlighted in the audit, including:

  • Our development of a robust, fit-for-purpose ICT infrastructure
  • Our use of mandatory online training for all staff with access to the IT system
  • Our clear policies on handling data breaches or IT security incidents (including near misses)
  • Our development of a Cloud policy to guide those considering using cloud-based storage or applications

Many of the recommendations for improvement contained in the report have already been implemented. In addition, we have agreed to complete other actions such as:

  • Continue to embed Information Asset Registers to ensure that senior managers have a complete overview of information risk across the council 
  • Develop an e-learning training module for new starters and locums working in Adult Social Services
  • Standardise processes and guidance for dealing with Subject Access Requests
  • Comply with Payment Card Industry guidelines on how card data is stored. A project is underway to address this issue
  • Progress will be monitored by the Corporate Director of Finance, who is Islington’s Senior Information Risk Officer, a statutory position. We will make a progress report to the Information Commissioner in approximately six months’ time
Was this information helpful?



Data protection: We will handle your personal information in line with the Data Protection Act 1998 and in accordance with the council’s Fair Processing Notice.