Posted: August 26th, 2016 11:11am +00:00

Information governance and data regulation in local government

Local governments hold a huge amount of information, including sensitive personal data. This data needs to be handled in a discreet manner in order to protect people’s identities, reputations and privacy, as well as keeping within legal requirements.


There are many regulations that define how information and data need to be handled and protected. In England, these include:

  • The Data Protection Act 1998 (DPA)
  • The common law duty of confidentiality
  • The Social Care Record Guarantee for England
  • The international information security standard: ISO/IEC 27002:2005
  • The Freedom of Information Act 2000
  • The Human Rights Act, article 8
  • The Code of Practice for the Management of Confidential Information

Additional regulations cover Wales, Scotland and Northern Ireland. These regulations have been put in place to cover a variety of data types, from contact details to financial information and medical records – there are also a number of regulations that specifically relate to the NHS and social services and how they deal with information. Accessing the Public Services Network (PSN) – a nationwide network of public services data – also requires users to demonstrate a high level of data protection.

Compliance: what is required?

The various regulations have different requirements, but they all share the primary objectives of maintaining confidentiality, protecting data and keeping information secure. As part of this, organisations must be able to demonstrate how their management structures and responsibilities ensure compliance. In each case, a robust data framework should determine how data is collected and stored. It also needs to define how data is used and when it can be shared. This will help to ensure that personal information is processed legally, securely, efficiently and effectively.


The consequences of non-compliance depend on which regulations have been violated. The DPA, for example, details a number of civil and criminal offences that a data controller may be liable for if they fail to gain appropriate consent from a data subject. Other offences under the DPA include:

  • processing personal information without registration
  • failing to comply with notification regulations
  • obtaining unauthorised access to personal data

Compliance with the DPA is regulated and enforced by the Information Commissioner’s Office. This is an independent body that can impose monetary penalties for breaches.

Risk management software from JCAD

JCAD’s CORE risk management software is a flexible framework that can help local authorities – and other organisations in both the public and private sectors – to identify, monitor and mitigate risk. In addition, JCAD CORE can be used to help demonstrate compliance. The system makes it easy for users to monitor records, store documentation, view tasks and track what actions are taken to reduce risk and keep within regulations.
