A city councillor who has no email, laptop or tablet will still be subject to the new data protection regulations as he has kept personal information on constituents in his diary for 15 years.
Ahead of the introduction of the General Data Protection Regulations (GDPR) on May 25, the head of IT in Galway city Council Alfie Jones said the local authority was “ahead of the curve compared to a lot of the councils”.
Galway City Council was obliged to retrieve whatever personal information they kept on members of the public if requested – including CCTV – with 30 days instead of 40 and would have to do it for free instead of for a fee as was the case previously.
Labour Councillor Billy Cameron complained that to be totally compliant with the legislation councillors would need private secretaries. He asked if his diary could “implicate” him for breaches of the new regulations.
Councillor Padraig Conneely said he did not keep personal details electronically as he had no email, no laptop or no tablet. Instead he kept records of his constituents in a handwritten diary.
“Am I not allowed to go back to that?” he asked. “I’ll be writing to them all. I’ve kept diaries for over 15 years.”
Mr Jones confirmed that diaries would be subject to GDPR.
He reminded councillors of their obligations – if they obtained personal information to lobby on behalf of a constituent, they must only use it for the purpose it was given, they should keep that data safe and not keep it for longer than necessary.
They had a duty to have the latest security software installed on their computers and should avoid using personal emails for council business to ensure emails were encrypted.
“Email is not secure. When it’s travelling from here to another organisation it will go through a number of servers and unless it’s encrypted it can be read. Put only in an email what you would in a postcard unless it’s password protected.”