What does this cover?

Anglesey County Council (Anglesey CC) – on 5 October 2015 the ICO reported on the Enforcement notice issued against Anglesey CC. The notice came about following Anglesey's repeated failure to address actions regarding data protection and privacy, despite the company committing to make changes (by way of undertakings and follow-up audit assessments) as far back as 2011.

Anglesey CC is required to take the following steps on an ongoing basis:

  • Monitor and act upon data protection key performance indicators and measures;
  • Mandatory data protection training programme for all staff, to be monitored and documented
  • Ensure policies are being read, understood and complied with by all staff;
  • Back-up information to the external server on a daily basis and test periodically to ensure they are recoverable;
  • Revoke physical access rights promptly when staff leave and periodically review to ensure appropriate controls are in place;
  • Address the adequate storage solutions for manual records; and
  • Undertake consistent and regular monitoring is undertaken to enforce a clear desk policy.

To view the Anglesey CC ICO Enforcement notice, please click here.

What action could be taken to manage risks that may arise from this development?

None - this is for interest only.