Hampshire County Council’s Children’s Services department now has a set of procedures and processes in place to ensure its data protection and confidentiality management are fully in line with the Data Protection Act following an expert review by Socitm Consulting. By undertaking a comprehensive risk assessment of its data protection processes, we were able to provide a key set of recommendations for ensuring robust data protection compliance across the department, balanced with effective management of the information sharing regime required to support the Every Child Matters agenda.
The project issues
Hampshire County Council’s Children’s Services department is a merger of the Education department and Social Services children’s social care services. It is the custodian of significant amounts of confidential information and as a result of the merger has a range of established systems and processes for managing information, some of which may not be sufficiently robust to ensure adequate data protection. Socitm Consulting was asked to review current departmental data protection processes and make recommendations for improvement.
The Socitm Consulting solution
We interviewed key individuals and asked teams to complete questionnaires which were analysed against an industry-standard risk matrix.
Our analysis identified that a number of improvements could be made in data protection policies and procedures, staff training and data collection. In particular, the lack of a departmental Data Protection Co-ordinator limited the department’s capacity to implement or enforce data protection compliance. Our recommendations included:
- The creation of an Information Governance Group and identification of an individual to be responsible for defining, implementing and enforcing data protection policies, procedures and processes
- Ensuring all staff receive a revised data protection policy, supporting guidance and appropriate training
- Revision of existing Fair Processing Notices to ensure they reflect email collection and usage
- The development and implementation of a document retention schedule
- The development of greater internal knowledge transfer between Adults’ and Children’s Services
- The identification and review of all personal data held by the organisation
- The incorporation of breach of data protection rules into disciplinary procedures
A key recommendation was that data protection and information security policies need to be embedded within an Information Management framework to allow compliance and assurance processes to function as effectively as possible.
The benefits to the client
With our expertise in implementing Data Protection and Information Management best practice, we assisted Children’s Services in identifying key areas where data protection policies and procedures needed to be improved. As a result, the department now has a comprehensive basis for aligning its data protection policy with the requirements of the Data Protection Act and ensuring the efficient and confidential management of employees’ and customers’ personal data.
Project identification
Client organisation: Hampshire County Council
Client contact: David Woodward, Head of Information and Systems Management, Children's Services, 01962 846359, david.woodward@hants.gov.uk
Lead consultant: andrea.simmons@socitm.gov.uk
Project no: 6073