A series of reports published by the ICO have highlighted the overall positive compliance approaches being adopted by private-sector organisations; however, concerns remain over the approaches of local government and the National Health Service (NHS) sectors.
The ICO reports summarise the outcomes of over 60 data protection audits carried out by the ICO as a “free service” over the last two years in the private, NHS, local and central government sectors. Each report summarises the level of assurance the organisations in each sector provide, examples of good practice and existing areas for improvement.
The ICO had a high level of assurance that 11 of the 16 private-sector companies audited had policies and procedures in place to comply with the Data Protection Act, including robust security measures and appropriate staff training.
However, in the health service, only one of the 15 organisations audited provided a high level of assurance. The local government sector showed a similar trend with only one out of 19 organisations achieving the highest mark. Central government departments showed two out of 11 organisations achieving the highest level of assurance.
The audit reports are available from here. See the bottom of webpage under “Related Items” for separate audit reports for each sector.