Energy data protection recommendation

West Mercia Energy is jointly owned by four local authorities, including Shropshire and Telford and Wrekin, and provides electricity and fuel to them and other public-sector bodies.

In a report for its governing committee, auditor Joanne Wooley gives WME a “limited” assurance rating for its IT practices and makes 13 recommendations, including that data protection training should be provided to comply with WME’s own policy.

The Local Purchasing Organisation’s management has pledged to carry this out, along with other recommendations including data recovery testing to guard against “a disaster”. Four other areas are all rated “good”, with just eight recommendations between them.

All five assessments, and a cover-all Internal Audit Performance Report by Shropshire Council audit chief Ceri Pilawski, will be discussed when the WME Joint Committee meets in Shrewsbury on February 25.

Of the 13 recommendations in Ms Wooley’s IT report, which is based on observations carried out in December, five are rated “significant”.

One says: “To ensure that, in line with the WME Data Protection Policy, staff who manage and handle personal information are appropriately trained to do so, data protection training should be undertaken.”

A debrief meetings about the recommendations was held with WME managers last month. Director Nigel Evans, Ms Wooley’s report says, will take responsibility for data protection training, and aims to act on it before April.

Ms Wooley quotes the management response: “It is agreed that it would be beneficial to obtain more formal training and we will look to secure this.”

Two further “significant” recommendations say “recovery testing should be undertaken to ensure that, in the event of a disaster, the utilities and billing system can be successfully retrieved” and an impact assessment “to determine the effect of a short-, medium- and long-term loss of the utilities and billing system” should be carried out.

Two more “significant” recommendations were made, saying a “formal change control process” should be approved and reviews of business continuity and recovery plans should be carried out. The remaining eight recommendations are rated as “requiring attention”, while the other four areas – the debtors, finance and procurement systems and corporate governance and risk management – were rated as “good”.

WME was originally set up to provide electricity, gas and liquid fuel to its “owning authorities”, Herefordshire Council, Worcestershire Council, Shropshire and Telford and Wrekin, but now supplies 11 local authorities and other public bodies. Its eight-member Joint Committee consists of senior members of the four owning authorities.