Data Protection Act – do staff have the right to know?

Earlier this week The Independent published an article which revealed that ‘Medical and social security records kept by public bodies are being unlawfully or inappropriately accessed dozens of times a month and hundreds of civil servants disciplined for data offences.

This is a serious finding which increases concern about security of personal data.

It also raises another, more important question: Who is accountable? Is it the staff who breach the Data Protection Act (DPA), or the employers for failing to make staff aware of their duties under the DPA in the first instance?

The same article goes on to reveal that staff at the Department for Work and Pension (DWP) are being reprimanded for breach of the rules governing the organisation’s database. Between April 2010 and March 2011, a total of 513 DWP staff members were disciplined for “unauthorised disclosure of official, sensitive, private and/or personal information… to anyone”. For the 10 months from April 2011 to this January, the figure was 463.

Only two weeks ago the Information Commissioner’s Office (ICO) issued a fine of £70,000 to an NHS body after a report containing sensitive information about a patient’s health was sent to another person.

Let’s not forget that one of the biggest penalties last year (which went to Midlothian Council) was fined £140,000 for sending details of children and their carers to the wrong people five times within 12 months.

Finally, the Business case for the extension of Assessment Notice powers published by the ICO in 2011 shows that over the last 5 years, the local government and health sectors were the top regions in which the Information Commissioner had received complaints of potential data protection breaches from individuals.

Should staff insist on being given proper training in the DPA requirements to enable them to better observe the law?

Public departments as well as private organisations handling personal data should be taking urgent measures to improve data protection awareness.

Disciplinary action can’t be the answer to data breaches – it is expensive and disruptive.

Deploying DPA Staff Awareness eLearning across the organisation, equipping staff to deal with the range of DPA-related issues they encounter, would significantly reduce the administrative cost of disciplinary actions whilst simultaneously helping improve staff morale.

DPA Staff Awareness eLearning is the most cost-effective method available for enabling staff to meet their DPA obligations. Moreover, it can spare you a heavy fine and reputation damage by reducing the likelihood for data breaches as a result from a human error.

Call 0845 070 1750 now to inquire about your customisable and multiuser licence DPA Staff Awareness eLearning course.