The council has signed an undertaking with the Information Commissioner’s Office (ICO) pledging their commitment to data protection after the gaffe in January this year.
The details were of employees who had yet to sign new contracts and were published in error in a spreadsheet on the council’s intranet so were accessible to all council staff.
The ICO commented that the incident itself was minor as no sensitive, personal data was included and the information was only accessible by staff, but added: “However, the Commissioner’s investigation discovered that training in data protection and information security had not previously been a mandatory requirement for employees with access to personal data.
“It was further noted that the data controller’s [RBWM’s] policies and procedures on the handling of personal data were incomplete.”
As part of the undertaking, the Royal Borough has pledged to review and revise procedures for the handling of personal data, especially in information security, to all relevant staff by December 31.
A string of other information security gaffes came to light in a council internal audit report earlier this month including the loss of 388 laptops over the past five years and potentially personal or confidential documents not being disposed of securely during a change to a new system of working.
Mike McGaughrin, managing director, said: “The council takes the issue of data protection and information very seriously indeed and is implementing measures to ensure that everyone takes extra care in this regard. We are currently undergoing a programme of training and refresher training for every Royal Borough employee so that there is universal awareness about the importance of data security across our organisation.”