Posted: August 26th, 2016 11:11am +00:00

Information governance and data regulation in local government

Local governments hold a huge amount of information, including sensitive personal data. This data needs to be handled in a discreet manner in order to protect people’s identities, reputations and privacy, as well as keeping within legal requirements.

Regulations

There are many regulations that define how information and data need to be handled and protected. In England, these include:

  • The Data Protection Act 1998 (DPA)
  • The common law duty of confidentiality
  • The Social Care Record Guarantee for England
  • The international information security standard ISO/IEC 27002:2005
  • The Freedom of Information Act 2000
  • Article 8 of the Human Rights Act
  • The Code of Practice for the Management of Confidential Information

Additional regulations cover Wales, Scotland and Northern Ireland. These regulations have been put in place to cover a variety of data types, from contact details to financial information and medical records. There are also a number of regulations that relate specifically to the NHS and social services and how they deal with information. Accessing the Public Services Network (PSN) – a nationwide network of public services data – also requires users to demonstrate a high level of data protection.

Compliance: what is required?

The various regulations have different requirements, but they all share the primary objectives of maintaining confidentiality, protecting data and keeping information secure. As part of this, organisations must be able to demonstrate how their management structures and responsibilities ensure compliance. In each case, a robust data framework should determine how data is collected and stored. It also needs to define how data is used and when it can be shared. This will help to ensure that personal information is processed legally, securely, efficiently and effectively.

Non-compliance

The consequences of non-compliance depend on which regulations have been violated. The DPA, for example, details a number of civil and criminal offences that a data controller may be liable for if they fail to gain appropriate consent from a data subject. Other offences under the DPA include:

  • processing personal information without registration
  • failing to comply with notification regulations
  • obtaining unauthorised access to personal data

Compliance with the DPA is regulated and enforced by the Information Commissioner’s Office. This is an independent body that can impose monetary penalties for breaches.

Risk management software from JCAD

JCAD’s CORE risk management software is a flexible framework that can help local authorities – and other organisations in both the public and private sectors – to identify, monitor and mitigate risk. In addition, JCAD CORE can be used to help demonstrate compliance. The system makes it easy for users to monitor records, store documentation, view tasks and track what actions are taken to reduce risk and keep within regulations.
