Agenda item

The Committee had before it a report by the Executive Director of Corporate Services which presented the annual Information Governance Performance, including information about the changes implemented through the Council’s Information assurance improvement plan. 

The report recommended:

that the Committee note the information provided about the Council’s information governance performance at sections 3.1 to 3.5 and in the Information Governance Report at Appendix 1.

In response to a question relating to the drop in performance for responding to FOI’s , the Customer Services Manager advised that the response rate varied from service to service and that each year there were specific topics that generated an increase in requests.  She further advised that the increase in requests was a combination of higher profile issues and more awareness of what people can ask for.

In response to a question relating to whether Directors were holding their teams accountable for performance in this area, the Executive Director of Corporate Services advised that teams were held accountable for performance and that the service were looking at different ways to respond to make the process easier.

In response to a question relating to the increase in data breaches, the Data Protection Manager advised that there was an increased awareness for staff around their responsibilities to report any breaches.  She further advised that all breaches were assessed to see if there was a risk to the rights and freedoms of the individual and where there was not assurance, these were reported to the Information Commissioners Office (ICO) and that where there was assurance that there was not a risk to the person, the incident files were closed.

In response to question relating to the obligations of the ICO and reporting arrangements, the Data Protection Manager advised that the ICO would report back on how the Council handled the investigation.  She provided assurance that of the four that had been reported to the ICO, there was no further action required.

In response to a question relating to the risks associated with the increase in external cyber incidents, the Chief Officer – Digital and Technology advised that the number of incidents had increased however the complexity of the incidents remained the same and that the cyber security framework was robust.

In response to a question relating to the overall performance in relation to Subject Access Requests (SAR) and Freedom of Information Requests, the Customer Services Manager advised that SARs were challenging especially with Care Experienced related requests and that the team were focusing on FOIs to identify improvements.  She further advised that there was an increased awareness in both of these areas which had impacted the number of requests.

In response to a question relating to whether there had been an increase in the number of Care Experienced requests, the Customer Services Manager advised that when these requests are made, it was the volume of information involved and the resource required to complete the task not necessarily an increase in number.

In response to a question relating to the reason why there was an increase in third party requests, the Customer Services Manager advised that there had been a change in how these requests were reported with them now being managed centrally. 

In response to a question relating to whether staff were aware of the implications for the Council if they lost their ID badge, the Information and Data Manager advised that staff were made aware of the process to report their ID badge missing.

In response to a question seeking assurance on where the Council were with processes some FOI requests, the Customer Services Manager advised that she was aware of some outstanding requests which were complex and that an internal review was underway.

The Committee resolved:-

(i)       in relation to a question regarding the way in which the lessons learnt information was presented, to note that the Information and Data Manager would look at alternative ways to present this data for future reports; and

(ii)      to otherwise approve the recommendation contained in the report.