Medway Council has been given a warning after it was found that staff hadn’t been given proper data protection training.

The Information Commissioner’s Office (ICO), an independent organisation which upholds information rights, has issued an enforcement notice to the council which states that mandatory training has not been rolled out to staff, despite their advice.

The notice also states the council failed to take measures against the “unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

The council has been given six months to train staff.

This morning, a man, who did not wish to be named, received an email from the council apologising for sending a previous email thanking him for a response to the local plan consultation, when he didn’t respond.

The email said: “Your email address was included in error to a list of respondents to our recent Local Plan consultation.

“We have not registered your details in relation to this consultation.”

Sally Anne Poole, ICO enforcement manager, said: “We’ve told this council several times they need to improve their data protection training for staff. They’ve not taken this action on board so we’ve been forced to issue this enforcement notice.

“Councils often deal with sensitive personal information so it’s vital that all staff know what they need to about data protection.

“With a new data protection law coming into force next May, now is the time when councils should be checking their training is up to scratch.”

A Medway Council spokeswoman said: “We are committed to providing high standards of data security and will implement the Information Commissioner’s recent recommendations to further improve the tailoring, monitoring and recording of the mandatory training.”