Questions about town and parish councils
Follow Councillor Q&A on X/Twitter

Follow us on X/Twitter

0 votes
Where a parish council website has published unredacted Register of Interests forms of all its members, in a way which openly displays all the entries completed by hand and all of the councillors' respective personal signatures, which as it happens is followed by a number of phishing emails purporting to be from the chairperson, clearly this must be a GDPR breach that warrants a risk assessment; but can the council - whether as part of an agreement to resolve complaints or potential claims by affected members, or just on its own initiative - require all of its members and staff to undertake training on data protection? What if tries to do so but some councillors for whatever reasons refuse to attend the training, which would prevent a resolution of the complaints or claims? Is there anything a monitoring officer or anyone else can do to ensure all of the councillors are provided at least basic awareness of data protection obligations and information rights?
by (720 points)

4 Answers

0 votes
It’s the data controller (the person that uploaded the forms unredacted) that needs training - not the person that completed the form.
It’s likely that the data controller / organisation (which should be ICO registered) should self report the breach to ICO and make the associated negative assertion on the AGAR for the period within which the data breach occurred.
How, after the GDPR regs have been in place for so long, can these basic errors still be occurring.
Whoever is responsible for placing these forms c/w signatures needs a rocket.
by (21.9k points)
0 votes

Your clerk may find the following ICO guidance helpful:

Parish councils data audit exercise

by (4.3k points)
0 votes
It is a legal requirement for copies of the Financial Interest Forms to be available as a paper copy held by your principal authority and a copy to be available on the website of the town or parish council.  As a general rule, the website version has the signature redacted but the rest of the form is as completed by the individual councillor.  Many parish councils actually link their website to that of their principal authority rather than input directly themselves, but this doesn't apply throughout the country.   Worth checking what happens in your area.  
The phishing emails purportedly coming from the chairman is not a new thing; it's been a issue for quite some years and I'd be surprised if it came solely from the publication of the Financial Interest forms as the format is the same - a request for "confidential" action which includes purchasing vouchers or something similar with the codes then sent to the perpetrator.  I've had several over the years but the email address it comes from isn't that of my chair and the language used certainly isn't the way they would write (and frankly they'd know better than to ask me to do that!).  I'm sure many people have learned the hard way that this is a scam.

I entirely agree that data protection training is a must for councillors and council staff.  I doubt the monitoring officer would be interested in ensuring this; it really isn't part of their role.  All councils, their staff and councillors, must be clear on their responsibilities.
by (19.6k points)
Agreed:  "...It is a legal requirement for copies of the Financial Interest Forms to be available as a paper copy held by your principal authority..."

Question "...and a copy to be available on the website of the town or parish council..."  What reference states that a copy must be available at the town / parish website?

The discussion has arisen previously and not been concluded so far as I recall.  You have a reference to support the assertion that it must be at town / parish website AS WELL AS at principle authority?
Localism Act 2011 Section 29(7)
"A parish council must, if it has a website, secure that its register is published on its website"
>          That’ll do!
0 votes
These phishing emails are quite common I’ve had several but all someone needs is the Councillor email addresses from the Council website so unless I’ve missed something it’s got nothing to do with the declaration

I’ve never had a  problem with my handwritten declaration being published and Councillors can  often sign documents which are in the public domain to me it’s part and parcel of being a Councillor
by (11.6k points)

Welcome to Town & Parish Councillor Q&A, where you can ask questions and receive answers from other members of the community. All genuine questions and answers are welcome. Follow us on Twitter to see the latest questions as they are asked - click on the image button above or follow @TownCouncilQA. Posts from new members may be delayed as we are unfortunately obliged to check each one for spam. Spammers will be blacklisted.

You may find the following links useful:

We have a privacy policy and a cookie policy.

Clares Cushions logo Peacock cushion

Clare's Cushions creates beautiful hand made cushions and home accessories from gorgeous comtemporary fabrics. We have a fantastic selection of prints including Sophie Allport and Orla Kiely designs and most covers can be ordered either alone or with a cushion inner. Buying new cushions is an affordable and effective way to update your home interior, they're also a great gift idea. Visit our site now

2,983 questions
5,848 answers
10,138 users
Google Analytics Alternative