We’ll not beat about the bush and come straight to the point. Since the Waste Collection contract fiasco, many of you have contacted us regarding your Cllrs and their data protection behaviour.
All Cllrs have received data protection training. However, in excess of 400 residents (and rising) have sent documentary proof of Cllrs who are failing to following their training and adhere to data protection law.
Councillors work in three different capacities with respect to data protection:
1. As a representative of their ward, assisting constituents. When they work in this way, they are a ‘data controller’. This means they are responsible for any personal data you entrust to them and must ensure it is processed appropriately and securely and also destroyed appropriately
2. As a representative of the Council, such as when working on a committee or officially appointed body. In these circumstances, the Council is considered to be the data controller and Cllrs work in accordance with the rules and requirements the Council specifies on personal data.
3. As a representative of a political party, for example when canvassing or during election campaigns. In these circumstances, the party is the data controller and I work in accordance with their rules and requirements when processing personal data.
It is the first instance (No 1) we are speaking of.
Cllrs have sent out emails with links to their privacy notices to many residents:
B) – There are Cllrs who send emails to residents as No 1 above with no Cllr Privacy Notice at all. (No, they cannot use the Council Privacy Notice)
C) – And there are some Cllrs who only respond to residents from their personal email addresses, as they believe the Council read their email accounts.
Of course, A – B and C breach data protection and all three go against what Cllrs were taught at data protection training.
What was the point and purpose of the data protection training if Cllrs are not adhering to what they were taught?
Also one must consider how a Cllr destroys a constituents email whose need of help has ended and it is no longer necessary to hold the constituent’s data. Simply deleting files does not permanently remove them. So how are Cllrs destroying residents data? Going as far as The Guardian did with the Snowden files is also a little drastic.
We have advised all residents who received type A, B or C emails to formally lodge direct complaints with the Information Commissioner’s Office (ICO), which many of them have done. We have told them to do this as the Council’s monitoring officer – Amandeep Khroud – is unlikely to take any action against any Cllr for breaching data protection law. Cllrs will only begin to take data protection seriously when the ICO has had a word in their ear, we hope.
Many Cllrs believe the Council read private and confidential emails between constituent and Cllr. This they say forces them to use their private email addresses to correspond with constituents. This gets round any snooping by the Council. This is understandable, but unfortunately this breaches data protection law.
Obviously Cllr Ray Field is the Cabinet Member for Information technology, information access and security and it’s Cllr Monk who is responsible for corporate governance and legal.
This slideshow requires JavaScript.
On the Council side, it is Charlotte Spendley s151 Officer who is responsible for ICT and Digital Services and Legal Services. And it’s her boss Dr Susan (I want to leave FHDC asap) Priest who is responsible overall as the Head of Paid Service and Chief Exec of the Council.
Cllrs need to get their act together especially when it comes to constituents data they hold. There will come a time when a Cllr or Cllrs will be hauled before the ICO and fined. Then and then only will they begin to take data security and data protection of constituents personal and sensitive data seriously.
Had an email from Cllr Shoob not to long ago with no Cllr Privacy Notice. I’ll be writing to her to ask why she’s ignoring data protection law. I’ll also inform the ICO.
Do Councillors not receive training about their obligations under the Data Protection Act 2018? Also, the Information Commissioner’s Office does provide helpful guidance (link below) which one would hope (perhaps I am being over optimistic) that Councillors will have received and more importantly read!
I agree that the guidance is based on the 1998 Act, but the ICO state on the front page that they still consider it to be useful. Equally, Councillors can also use the data protection resources provided by the Local Government Association (links below).
The following information has not been updated since the Data Protection Act 2018 became law. Although there may be some subtle differences between the guidance in this document and guidance reflecting the new law – we still consider the information useful to
those in the media
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
Discover more from ShepwayVox Dissent is not a Crime
Subscribe now to keep reading and get access to the full archive.
Had an email from Cllr Shoob not to long ago with no Cllr Privacy Notice. I’ll be writing to her to ask why she’s ignoring data protection law. I’ll also inform the ICO.
Do Councillors not receive training about their obligations under the Data Protection Act 2018? Also, the Information Commissioner’s Office does provide helpful guidance (link below) which one would hope (perhaps I am being over optimistic) that Councillors will have received and more importantly read!
https://ico.org.uk/media/for-organisations/documents/1432067/advice-for-elected-and-prospective-councillors.pdf
The link for Cllrs is out of date and should NOT be relied upon
I agree that the guidance is based on the 1998 Act, but the ICO state on the front page that they still consider it to be useful. Equally, Councillors can also use the data protection resources provided by the Local Government Association (links below).
The following information has not been updated since the Data Protection Act 2018 became law. Although there may be some subtle differences between the guidance in this document and guidance reflecting the new law – we still consider the information useful to
those in the media
https://www.local.gov.uk/our-support/guidance-and-resources/general-data-protection-regulation-gdpr
https://www.local.gov.uk/our-support/guidance-and-resources/general-data-protection-regulation-gdpr/gdpr-and-data-protection