Folkestone & Hythe District Councillors breach data protection law again

We’ll not beat about the bush and come straight to the point. Since the Waste Collection contract fiasco, many of you have contacted us regarding your Cllrs and their data protection behaviour.

All Cllrs have received data protection training. However, in excess of 400 residents (and rising) have sent documentary proof of  Cllrs who are failing to following their training and adhere to data protection law.

Councillors work in three different capacities with respect to data protection:

1. As a representative of their ward, assisting constituents. When they work in this way, they are a ‘data controller’. This means they are responsible for any personal data you entrust to them and must ensure it is processed appropriately and securely and also destroyed appropriately

2. As a representative of the Council, such as when working on a committee or officially appointed body. In these circumstances, the Council is considered to be the data controller and Cllrs work in accordance with the rules and requirements the Council specifies on personal data.

3. As a representative of a political party, for example when canvassing or during election campaigns. In these circumstances, the party is the data controller and I work in accordance with their rules and requirements when processing personal data.

It is the first instance (No 1) we are speaking of.

Cllrs have sent out emails with links to their privacy notices to many residents:

A) – Privacy Notice: https://www.folkestone-hythe.gov.uk/media/6058/Councillors-Privacy-Notice 2019/pdf/Councillors__Privacy_Notice_2019.pdf

This link takes you to a Error 404 notice

B) – There are Cllrs who send emails to residents as No 1 above with no Cllr Privacy Notice at all. (No, they cannot use the Council Privacy Notice)

C) – And there are some Cllrs who only respond to residents from their personal email addresses, as they believe the Council read their email accounts.

Of course, A – B and C breach data protection and all three go against what Cllrs were taught at data protection training.

What was the point and purpose of the data protection training if Cllrs are not adhering to what they were taught?

Also one must consider how a Cllr destroys a constituents email whose need of help has ended and it is no longer necessary to hold the constituent’s data. Simply deleting files does not permanently remove them. So how are Cllrs destroying residents data? Going as far as The Guardian did with the Snowden files is also a little drastic.

We have advised all residents who received type A, B or C emails to formally lodge direct complaints with the Information Commissioner’s Office (ICO), which many of them have done. We have told them to do this as the Council’s monitoring officer – Amandeep Khroud – is unlikely to take any action against any Cllr for breaching data protection law. Cllrs will only begin to take data protection seriously when the ICO has had a word in their ear, we hope.

Many Cllrs believe the Council read private and confidential emails between constituent and Cllr. This they say forces them to use their private email addresses to correspond with constituents. This gets round any snooping by the Council. This is understandable, but unfortunately this breaches data protection law.

Obviously Cllr Ray Field is the Cabinet Member for Information technology, information access and security and it’s Cllr Monk who is responsible for corporate governance and legal.

This slideshow requires JavaScript.

On the Council side, it is Charlotte Spendley s151 Officer who is responsible for ICT and Digital Services and Legal Services. And it’s her boss Dr Susan (I want to leave FHDC asap) Priest who is responsible overall as the Head of Paid Service and Chief Exec of the Council.

Cllrs need to get their act together especially when it comes to constituents data they hold. There will come a time when a Cllr or Cllrs will be hauled before the ICO and fined. Then and then only will they begin to take data security and data protection of constituents personal and sensitive data seriously.

The Shepway Vox Team

Journalism for the People NOT the Powerful

 

About shepwayvox (1358 Articles)
Our sole motive is to inform the residents of Shepway - and beyond -as to that which is done in their name. email: shepwayvox@riseup.net

4 Comments on Folkestone & Hythe District Councillors breach data protection law again

  1. Had an email from Cllr Shoob not to long ago with no Cllr Privacy Notice. I’ll be writing to her to ask why she’s ignoring data protection law. I’ll also inform the ICO.

  2. Do Councillors not receive training about their obligations under the Data Protection Act 2018? Also, the Information Commissioner’s Office does provide helpful guidance (link below) which one would hope (perhaps I am being over optimistic) that Councillors will have received and more importantly read!

    https://ico.org.uk/media/for-organisations/documents/1432067/advice-for-elected-and-prospective-councillors.pdf

  3. I agree that the guidance is based on the 1998 Act, but the ICO state on the front page that they still consider it to be useful. Equally, Councillors can also use the data protection resources provided by the Local Government Association (links below).

    The following information has not been updated since the Data Protection Act 2018 became law. Although there may be some subtle differences between the guidance in this document and guidance reflecting the new law – we still consider the information useful to
    those in the media

    https://www.local.gov.uk/our-support/guidance-and-resources/general-data-protection-regulation-gdpr

    https://www.local.gov.uk/our-support/guidance-and-resources/general-data-protection-regulation-gdpr/gdpr-and-data-protection

Leave a Reply

%d bloggers like this: