You are viewing this message because you do not have a modern web browser.
Please follow these links to download a standards compliant browser. Internet Explorer download | Firefox download | Opera 8 download | Safari download (Mac only)

“Dickinson Dees continues to dominate the North East market. 2007 saw continued substantial growth. And the firm’s offices is York and London have enabled it to attract some major new clients nationally as well as instructions on groundbreaking deals.”

“While it is unquestionably the region’s number one, it is taking significant steps to become a nationally recognised practice.”

Legal 500 2008

Hefty new data fines threaten local authorities - 29 Jan 2010

Following a consultation exercise in December, new regulations have been published by the Government this month and Ms Gray urges local authorities to reassess compliance risks before the new fines come into force.

Ms Gray comments: “Local authorities cannot afford to be complacent about data protection. Since the child benefit data loss by HMRC in 2007, there has been a significant increase in data security incidents leading to enforcement action by the Information Commissioner. To date this has been limited to organisations having to take steps to improve their processes and procedures, most recently in the case of Lancashire County Council and Shropshire Council. However in future, the Information Commissioner could impose significant financial penalties for serious data protection breaches which would be a serious drain on already stretched financial resources.

Data protection should be a serious ongoing concern for the public sector, and local authorities should re-assess their level of compliance and review policies and procedures now, or risk potentially significant financial consequences in addition to reputational damage if data breaches occur.”

Ms Gray outlines 5 specific areas which, in her experience, can easily expose local authorities to data protection breaches:

1. Responsibility – data protection can often fall between the responsibilities of different functions. Ensure someone at senior management level is accountable for data protection compliance across the authority
2. Policies & Procedures – these can easily become out of date and their significance and content forgotten. Review policies and procedures and bring them up to date, concentrating particularly on data sharing arrangements, data security and home working
3. Training – staff need to know how important data protection is and to treat it as a priority in its own right. Training programmes need to be in place to ensure all staff receive basic awareness training, refresher training and targeted training for those working in high risk areas such as social services, education and HR
4. Physical & technical security – ensure computers and laptops are physically secure and that personal information is stored on the network. Where it has to be downloaded, ensure data is protected by using only encrypted PCs, laptops and memory sticks
5. Data processing – ensure written contracts are in place where personal data is processed by third parties and review existing arrangements to ensure that data processors have adequate data security measures in place to protect your data.