Council criticised for data protection breaches
A council has been criticised for breaches data protection systems.
A report by the Information Commissioner said "immediate action is required" to ensure Anglesey council complies requirements.
It said "physical security and storage standards relating to manual records within the council's offices were not appropriate".
The council says it has agreed an action plan to address concerns and said work was already "well under way".
The audit was ordered following a breach of Section 7 of the Data Protection Act by the council in 2011 and again in 2012.
Section 7 relates to how organisations manage the security of personal data.
In August the BBC learned local authorities in Wales broke data protection laws over 60 times in 2012.
In one case a worker allowed their partner to access and amend personal data.
There were also several cases of posting personal data on websites, and an email which accidentally disclosed sensitive details of 24 dead people.
The Information Commissioner's office in Cardiff provides information on data protection and freedom of information for individuals and organisations based in Wales.
Responding to the reports, a spokesperson for Anglesey council said: "Work to address failings identified in the report is already well under way.
"The authority earlier this month agreed a detailed action plan with the Information Commissioner's Office and a project board has been set up to drive forward the improvements needed."
Council officials said new policies had been put in place focusing on privacy, personal data, information risk and data breaches.
"New procedures, guidance and training will also be rolled out as part of the action plan," added the council spokesperson.