Cafcass given the second highest rating for data protection compliance by the Information Commissioner

The Information Commissioner’s Office (ICO) has published a summary audit report which evaluates Cafcass’s compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act. The purpose of the audit was to provide the Information Commissioner and Cafcass with independent assurance of Cafcass compliance, complementing existing monitoring and review through internal audit.

The audit which took place this summer, focussed on security of personal data and records management. We were rated as offering ‘reasonable assurance’ in both areas. This is the second highest rating in a four-point scale.

The audit report provides recommendations for how we can improve our processes across the organisation to ensure that we protect the personal and sensitive information we receive about children, their families and our staff.

Over the next six months we will be focussing on:

• Embedding the new Data Protection Officer post. They will ensure the right structure and process is in place to allow us not only to remain compliant with data protection legislation by protecting the privacy of the individuals we work with, but also to enhance transparency about our work with children and families.
• Conducting an in-depth review of our records and approach to data retention. In particular we want to improve our ability to respond swiftly and fully to Subject Access Requests, so that we can support people who want to understand what information we have about them. Sometimes requests are received several years after we have worked with them, so this work will involve a thorough review of our the information we hold in paper archives.
• Staff training: we will be reviewing our e-learning training, so that we have a clearer understanding of what, how and when this is delivered to and completed by staff. We will make the training more holistic to include cyber, remote working and records management. We will ensure the training meets all of Cafcass staff needs. We want our training to become a process by which staff can truly learn and develop their knowledge.
• We will be focussing on the work being done internally and with partner organisations such as local authorities and the courts, to ensure information we receive is validated before we record it in our record management system.

 

Director of Strategy and Chair of the Cafcass Information Assurance Board, Teresa Williams said: “Keeping children and their family’s personal information safe is an integral part of everybody’s job at Cafcass and this is something we will be continuing to prioritise.

“We have welcomed the audit process and the findings have given us the learning we need to further strengthen our processes, so we can do everything possible to protect the sensitive information we hold. We have agreed an action plan to be delivered by summer 2020 to address the Information Commissioner’s recommendations.”