Mandatory training for Central Beds Council staff after data protection breaches

Central Bedfordhire Council headquarters. Picture: Tony MargiocchiCentral Bedfordhire Council headquarters. Picture: Tony Margiocchi
Central Bedfordhire Council headquarters. Picture: Tony Margiocchi
Steps are being taken by Central Bedfordshire Council to prevent data protection breaches, which have affected the local authority’s children’s services department.

A previous CBC data breach was described as a “complete failure of process” when the names of dozens of children with SEND were included in a response to a parent’s question in an email two years ago.

Hide Ad
Hide Ad

Compulsory training is being introduced which will be updated on an annual basis, a meeting of CBC’s corporate resources overview and scrutiny committee was told.

Independent Aspley and Woburn councillor John Butler explained: “There’ve been a number of general data protection regulation (GDPR) breaches, largely relating to children’s services reported in the local media.

“I was of the view the first time might be an accident, but the second time really shouldn’t have happened. I’ve spoken to officers about what we can do, what processes we can change to stop confidential information being leaked to the wrong people.

“Essentially this was talking place by officers sending an email, attaching a wrong document and sending it to the wrong parent. Emel Morris, who’s CBC’s chief information officer, and colleagues working with the corporate management team have implemented new procedures for the local authority.

Hide Ad
Hide Ad

“There’s now mandatory training in cyber security and general use of council resources, which must be undertaken by all staff once a year,” he said. “All current employees and new staff will have to take it.

“The onus is on the manager to make sure their staff have taken that training. This training talks about the importance of how confidential data and data in general should be shared.

“This might for example be using modern technology such as SharePoint and One Drive and sharing links to data and providing passwords, via a text message, rather than thinking ‘I’ll just attach this to an email because that’s the way we always did things’.

“So mandatory training is important. I was thinking all members should take the training, although I’ll start myself and take it. But certainly staff within the council and managers are responsible to ensure that training takes place.

Hide Ad
Hide Ad

“What happens if someone doesn’t take the training, or it lapses as they haven’t take it again in 12 months? Consequences include removal of all IT access. I’ve had that confirmed to me in writing.

“People ask ‘what are you doing about it because it keeps happening?’ A substantive step has been taken to do something about this. The mandatory training is very useful, as is the threat of ‘follow the rules or your IT access is removed’.

“I hope its helpful to the public, including Central Bedfordshire SEND action group, which repeatedly raised this as a concern it didn’t feel was being addressed.”

Conservative Flitwick councillor Ian Adams, who chairs the committee, acknowledged: “You’re taking steps so it doesn’t happen again in future.”

CBC issued an apology after the action group reported the second breach, which listed children aged 14 to 17, their dates of birth and the staff member responsible for their case.

Comment Guidelines

National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.

News you can trust since 1861
Follow us
©National World Publishing Ltd. All rights reserved.Cookie SettingsTerms and ConditionsPrivacy notice