Dumfries and Galloway Council has come under heavy criticism after a series of security breaches that occurred during 2011 and 2012. Efforts have been made to improve their data protection policy and the council has managed to implement 22 of the 41 recommendations that have been made by Scotland’s Data Protection czar. The recommendations were made after a report was compiled by the Scottish Data Protection czar who heavily criticised the data protection policy that was in place at the time that the investigation was conducted.
The council has now implemented three more new measures than they had planned and seem very pleased with their efforts while realising that there is still work to be done.
Councillor Dykes who chairs the audit and risk management committee stated, “I am pleased we can report progress against our action plan, though there is still work to be done. A further report will be presented to the audit and risk management committee in April and I can confirm that we will be keeping a close watch to see that the good progress continues.”
One of the latest measures that have been implemented is that social workers have been given special cases to carry files in. This step was undertaken after a confidential file which contained information about criminals and victims was found by tourists in a car park. The file was later handed in to the police at Cornwall Mount. Other incidents of data breaches include reports being sent to the wrong people and personal details of staff being posted on a public information website.
Spokesman Archie Dryburgh has been very critical of the council’s approach towards data protection and believes that the council’s self-congratulatory comments are premature.
Dryburgh stated, “Leaks of the public’s personal information are becoming endemic within this council and the council is taking an arrogant, complacent approach. The very fact the chair of the audit and risk management committee is publicly congratulating the council before it has even been scrutinised at committee shows exactly how this council operates – patting themselves on the back for a job well done and refusing to let people ask any questions.”
The most efficient way to help reduce the numbers of such incidents is to educate workers about data protection. You can have as many policies in place, but if an employee is unaware of the importance of abiding to the policies and how to appropriately handle and store the data, the likelihood of a security breach occurring remains high. In this case, the importance of education has been recognised by the setup of a data protection programme for staff. This should go a long way in helping to keep the data more secure along with the other policies that have been implemented.