During September 2014, Kirklees Council agreed with the Information Commissioner's Office to an audit of its data protection practices. This provided the council with an opportunity to reflect on current practices and ongoing work regarding information governance and was a welcome opportunity for an independent review of these working practices.
The audit found that the council provided a reasonable level of assurance that processes and procedures are in place and we deliver data protection compliance.
Reasonable assurance is the second highest level achievable in an audit. The Data protection audit report shows the executive summary of the December 2014 report on Kirklees Council. The Summary of 16 local authorities puts our rating into context. No councils achieved the highest rating, 56% achieved the same rating as Kirklees, and 44% were given a lower rating.
Conclusions and recommendations
- The audit found that physical access controls to buildings was good and praised the technical security of our systems.
Areas for improvement
- making data protection training mandatory and enhancing this with refresher training, which the council has now implemented.
- reviewing our existing policies, as well as creating some new ones.
- These were primarily around enhancing existing processes to facilitate compliance with the Data Protection Act and ensuring routine training is undertaken.
- This has given the council some focussed areas to work on to improve our ongoing work on information governance and, particularly, data protection.