Outlining the importance of keeping sensitive information secure, an Audit Scotland report presented at today’s meeting of the council’s audit and risk management sub-committee pointed out “computer crime provides a ready market for assumed identities and personal information and many people have been affected by credit card fraud.”

Staff in any organisation are often one of the main weak links in maintaining the security of information, “often through carelessness or failure to understand the importance or value of data,” says the report.

It was these “cultural aspects” of information handling and security that were studied by the auditors, who in the main, gave council staff a clean bill of health.

They found senior managers at the council were involved in promoting information security and a framework was in use to reduce the likelihood of data handling problems.

Appropriate materials were provided to train staff in data handling and information security and council workers involved in the audit had a good awareness of security issues and policies.

However, auditors advised the council to make security awareness and data handling relevant to day-to-day work by including it in routine training.

“The changing environment of technology and data use requires regular review to ensure exposure to new risks is controlled and security policies updated,” they added.

Senior audit manager, Pearl Tate, said, “Information handling is high on the agenda because of the high profile losses in the public sector of information, whether through PCs going missing or USB keys being mislaid.”

However, at Dundee City Council, “the basic foundations are in place”.