Report of the Comptroller & City Solicitor.
The Committee received the report of the Comptroller & City Solicitor on the General Data Protection Regulation (GDPR/Data Protection Act 2018) (DPA)
The Comptroller & City Solicitor informed the Committee, that between 1 January 2019 to 22 August 2019 there had been 45 data breaches which were notified to the Data Protection Officer. Amongst the 45, 2 were deemed to be notifiable to the Information Commissioner's Office. The Information Commissioner's Office has responded to one of the data breaches suggesting that no further action needed to be taken but made recommendations which were implemented by the City, whilst the remaining identified breach is currently awaiting a response from the Information Commissioner’s Office.
Additionally, two Departments are yet to complete their retention schedules. The Comptroller & City Solicitor Department is actively encouraging the departments to do more to protect their data.
In terms of the data breach incident related to the secure bag containing a variety of documents in relation to a small number of data subjects being stolen, a Member asked if the bag was retrieved. In response to this question, the Comptroller & City Solicitor agreed to look further into the matter and report back to the Committee in writing. A Member also asked if the training for employees included the fact that data privacy laws extend to information on paper. The Comptroller & City Solicitor confirmed that it was included.
RESOLVED: That Members are asked to note the report.