Issue - meetings

Report No:   CAB/FH/14/013

Cabinet Member: Stephen Edwards           Lead Officer: Joy Bowes

Summary and Reason for Recommendation

Compliance with the Data Protection Act is monitored and enforced by the Information Commissioner’s Office (ICO).  The ICO has the power to impose fines of up to £500,000 for a serious breach of one or more of the data protection principles and where the breach is likely to cause substantial damage or distress.  This is in addition to any penalties imposed by the courts against individuals who unlawfully breach the DPA. ICO guidance therefore stresses that it is vital for all Council employees, members and contractors to understand the importance of protecting personal data; that they are familiar with the organisation’s security policy; and that they put its security procedures into practice.

This joint policy, attached as Report No: CAB/FH/14/013 (based on that previously adopted by Forest Heath District Council) outlines the principles of the Data Protection Act 1998 (DPA) and identifies how both Forest Heath District Council and St Edmundsbury Borough Council (jointly referred to as West Suffolk Councils throughout the policy) comply with the Data Protection Act. It aims to give guidance on how the requirements of the Act apply to the work of the Councils.

Recommendation

It is RECOMMENDED that, subject to approval by full Council, the Data Protection Policy, provided as Report No CAB/FH/14/000, be adopted.

RESOLVED:

That the West Suffolk Data Protection Policy, provided as Report No CAB/FH/14/013, be adopted.

The Cabinet Member for Resources, Governance and Performance explained that compliance with the Data Protection Act was monitored and enforced by the Information Commissioner’s Office (ICO).  The ICO had the power to impose fines of up to £500,000 for a serious breach of one or more of the data protection principles and where the breach was likely to cause substantial damage or distress.  This was in addition to any penalties imposed by the courts against individuals who unlawfully breached the DPA. ICO guidance therefore stressed that it was vital for all Council employees, members and contractors to understand the importance of protecting personal data; that they were familiar with the organisation’s security policy and that they put its security procedures into practice.

This joint policy, attached as Report No CAB/FH/14/013 (based on that previously adopted by the Council) outlined the principles of the Data Protection Act 1998 (DPA) and identified how both Forest Heath District Council and St Edmundsbury Borough Council (jointly referred to as West Suffolk Councils throughout the policy) complied with the Data Protection Act. It aimed to give guidance on how the requirements of the Act applied to the work of the Councils.

The Acting Solicitor to the Councils also clarified that the adoption of this Policy could be determined by the Cabinet and would not need to be recommended onto Council.

With the vote being unanimous, it was

RESOLVED:

That the West Suffolk Data Protection Policy, provided as Report No CAB/FH/14/013, be adopted.