1. Home
  2. Council and Democracy
  3. Contact your Parish Council

Contact your Parish Council

TEC report

 

MAIDSTONE BOROUGH COUNCIL

 

AUDIT COMMITTEE

 

15th June 2009

 

REPORT OF THE ASSISTANT DIRECTOR OF ENVIRONMENTAL SERVICES

 

Report prepared by_J Kitson_ 

 

1.           DATA TRANSFER TO THE TRAFFIC ENFORCEMENT CENTRE

 

1.1        Issue for Decision

 

1.1.1   To consider the options available to address concerns over data transfer between Maidstone Borough Council and the Traffic Enforcement Centre as part of the process of debt recovery for penalty charge notices under the Traffic management Act 2004.

 

1.2        Recommendation of the Assistant Director of Environmental Services              

 

1.2.1   That dialogue with the Local Government Association should continue to facilitate a change in policy within the Traffic Enforcement Centre.

 

1.2.2   That the matter should be raised with the Information Commissioner as the level of risk to data is considered unacceptable.

 

1.3        Reasons for Recommendation

 

1.3.1   The Traffic Enforcement Centre is a registration point for all Local Authorities that have decriminalised parking arrangements.  Local Authorities send registration data by either floppy disk or via a modem and receive the guarantee that, following computer validation, the registration will be effected with an Order for Recovery given to the Local Authority.  Enforcement is undertaken by the pursuing Authority by way of warrant of execution after which many Local Authorities use private bailiffs to execute the warrant.  TEC processed some 1.2 million registrations during 2006/07, and a further million registrations April 2007 to December 2007.  Maidstone Borough Council has operated decriminalised parking operations since 1997.

 

1.3.2   Through our internal audit team a risk has been identified in the way in which data is shared between agencies to enable the enforcement process to take place.  Currently Maidstone data is downloaded to 3.5in floppy disk and sent via recorded delivery to the Traffic Enforcement Centre.  This of course introduces the potential of data loss/theft in transit.  This is an unacceptable risk as each disk holds personal information on individual vehicle owners and case history.

 

1.3.3   As a result of this risk, Maidstone Borough Council has investigated alternative methods of data transfer with the Traffic Enforcement Centre.  It is confirmed that the bulk processing centre accept only two ways of data submission, therefore limiting the alternative choice to submission via a data modem link. 

 

1.3.4   The Councils I.T team has confirmed that this method of data transfer is not compatible with our corporate responsibilities as it contravenes the Government Connect security requirements and may create additional risks by creating a ’back door’ to not only our network, but the entire Kent Connects KPSN infrastructure.  Several past security audits have highlighted the dangers of modem links and so it has become necessary to challenge the current situation.

 

1.3.5   The Traffic Enforcement Centre has acknowledged the risks associated with data transfer by 3.5in disk and also agree that the modem link is not ideal.  This issue has been raised within the senior management team at the Traffic Enforcement Centre; however they have confirmed that no funds are available at present to change the existing arrangements to enable a more secure data link or encrypted e-mail transfer to be adopted by each Local Authority.

 

1.3.6   The identified problem is not unique to Maidstone Borough Council as each Local Authority is required to follow the same processes.  This leads to the conclusion that high volumes of data are being transferred each day through less than satisfactory systems, placing Councils reputation and the public at unnecessary risk of data loss. 

 

1.3.7   I have formally raised this issue to the Local Government Association to increase awareness of the risk and to request that an approach is made to Traffic Enforcement Centre on behalf of all Local Authorities in an effort to rectify the current situation.  Their initial response is positive and discussions will continue in an effort to improve the current situation.

 

1.3.8   It is recommended that the matter is also raised with the Information Commissioner as the level of risk to data is considered unacceptable.

 

1.4        Alternative Action and why not Recommended

 

1.4.1   To continue to send data unencrypted via 3.5in disc will compound the risk of data loss resulting in placing Councils reputation and the public confidence at risk. 

 

 

1.5        Impact on Corporate Objectives

 

1.5.1   The Council sets high standard levels to ensure that the risk to data loss is minimised particularly when data is transferred to external bodies.

 

1.6        Risk Management

 

1.6.1   Although Parking Services have not lost any data in transit to the Traffic Enforcement Centre, the risk remains high as the method of transfer is unsecure and the data will only be accepted as an unencrypted file by the Traffic Enforcement Centre.  To reduce the risk this data is currently sent via registered mail by Parking Services.

 

1.7        Other Implications

 

1.7.1    

1.      Financial

 

 

 

2.           Staffing

 

 

 

3.           Legal

 

 

 

4.           Equality Impact Needs Assessment

 

 

 

5.           Environmental/Sustainable Development

 

 

6.           Community Safety

 

 

7.           Human Rights Act

 

 

8.           Procurement

 

 

9.           Asset Management

 

 

 

 

1.8        Background Documents

 

1.8.1   None

 

 

NO REPORT WILL BE ACCEPTED WITHOUT THIS BOX BEING COMPLETED

 

 
 

x
 
 


Is this a Key Decision?        Yes                        No     

 

If yes, when did it appear in the Forward Plan? _______________________

 

 

x
 

 
 
Is this an Urgent Key Decision?     Yes                  No

 

Reason for Urgency