Councillors have been warned that they could be personally liable if they breach data protection rules which are set to be introduced, writes Richard Whitehouse, local democracy reporter.
A briefing was held for Cornwall councillors to inform them how they could be affected by the General Data Protection Regulation (GDPR) which is set to be introduced at the end of the month.
Simon Mansell, the council’s corporate and information governance manager and data protection officer, explained to councillors that they had all been registered as data collectors with the Information Commissioner’s Office (ICO).
He told them that if a member of the public approached them with an issue or a complaint about a council service that councillors would have to ask for that person’s permission before forwarding their message onto the relevant council department.
Mr Mansell explained that GDPR covered a wide range of data which was seen as personal information from people’s telephone numbers to their IP addresses.
He said that councillors would have to be very careful in future with how they handle any personal data which is sent to them.
Mr Mansell said that as a result of the changes the council had had to review a system used in schools across Cornwall which uses biometric data taken from pupils in the form of thumbprints which are used as a way of allowing students to pay for school meals.
The officer told councillors that if they held personal information on anybody and they submit a right to access request then they would have to disclose what they have – and that could be something as innocuous as a telephone number. Members of the public can then ask that councillors no longer hold their data.
Mr Mansell said that the council had received requests from people trying to use the new rules to avoid payments.
He said: “We have already had people saying that under GDPR they no longer want us to use their data for the processing of council tax bills. Nice try.”
Mr Mansell explained that as council tax is an ongoing process the council is entitled to use residents’ details.
He said: “We may get a lot of this and we may get these sent to members as well.”
One example he gave for councillors was if a resident contacted them as their bin had not been collected.
He said: “If you get a complaint from Mrs Miggins about her bins. You can go back to environmental services and ask if there has been a problem with bin collection in Acacia Avenue. You can do that as you are not sharing personal data.
“If it is an individual complaint you have to go back to Mrs Miggins and ask for her permission to pass it to environmental services.”
However, Cabinet member Bob Egerton raised a problem with having to go through that process.
He said: “If I have someone contact me saying their bin hasn’t been collected, they are not seeing me as a data controller. If I then go back and say do you want me to report it, they might have gone out to work, they might not see that until they get back from work, their bin won’t have been collected and they will not be happy about it.
“If I do just send it to (waste collection firm) Biffa and their rubbish is then collected they will be happy and I am a good councillor.”
Mr Mansell said that in 99.9% of cases that might be true but said that councillors should be alert for the 0.1% of people who might not be happy and may complain that their personal data has been passed on without their consent.
He explained to councillors that he was only telling them how the law stands and what they should do.





