Recent enforcement action by the Information Commissioner’s Office (ICO) demonstrates the potential consequences of not adequately communicating policies and procedures to staff. In our experience, communication is often the missing link and where businesses are exposed; as we often say to our clients – whilst it is great to have policies and procedures, if they remain stuck in a file in a cupboard or buried on an intranet, then they are effectively useless.
In this recent case, the ICO accepted an undertaking from a London council to provide a continuing training programme for its staff after typing errors in an address on correspondence led to personal data being sent to the neighbour of the intended recipient. There was also another incident where a manual typing error led to details of a parking offence being e-mailed to the wrong person. The council had data protection procedures in place which should have prevented the breach, but training was found to be inadequate.
This blog was written by Sarah Wheadon who left the firm on 31 January 2016