Gaps in GDPR training for school staff
Staff in some Wakefield schools have not been given data protection training, despite it being relevant to their work.
A council report said that a lack of training for school employees was a "common area of weakness" across the district, with problems in around half of the schools it is responsible for.
New laws brought in last year changed the way organisations are able to hold personal information and gave individuals more rights to control what kind of data is stored about them.
The legislation applies to all public bodies as well as businesses.
But Wakefield Council's audit committee was told on Monday that some school staff had not had training on what the changes meant for them.
All schools run by the authority were sent a self-assessment questionnaire on how they controlled data.
From the results, the report said: "The most common area of weakness was that not all relevant staff had received data protection/General Data Protection Regulation training (approximately 50 per cent of the schools).
"In addition, there were issues in schools not having information sharing agreements in place or being aware of who their data controller was."
More than half of the 60 authority run schools in the district ignored the questionnaire, which also led to criticism from the committee.
Just 25 submitted their assessments to the council.
John Morrison, the committee's independent representative, asked: "Is there any action we can take against schools that didn't engage? Because they should be providing us with information.
"25 out of 60 is a relatively low turnout."
Jason Brook, the council's service manager for internal audits, said: "If it would help, I could write back to all the schools to say the committee was disappointed.
"That would probably help us as well."