Agenda item

The Councils Solicitor will provide a verbal update at the meeting, report attached.

Jacqui Dennis presented a report updating the Audit Committee on the Council’s Information Governance activity up to the end of June 2024, these reports now focus on the Council’s ‘business as usual’ performance in the delivery of Information Governance.

Following the transfer of Six Town Housing into the Council, this report now includes information in relation to Housing Services levels of compliance.

As referenced in the last update report, following the restructure of the Business Support Unit, a Policy and Compliance Team has been established, under the direction of the Data Protection Officer. The department will streamline oversight, of all Complaints, Subject Access Requests, Environmental Information Regulations and Freedom of Information Requests. In addition, the newly appointed Policy and Compliance Manager will lead this team; and will have operational responsibility for Information Governance matters, supported by the wider team.

The team “went live” on the 18th March 2024, and have already undertaken a review of the Councils retention schedule; established a repository for data sharing agreements; joint controller agreements and privacy statements and commenced a review of the Councils Record of Processing Activity (ROPA). In addition, the team have developed a caseviewer system for recording, activity against all our FOIs and EIRs, training has commenced across all departments and a go live date is scheduled for the summer.

Pressure points still exist with regards to the redaction of a number of complex Childrens Service SARS, in many cases there may be thousands of documents that require oversight and redaction, this can be a very onerous process. In response to this, the DPO, working with Childrens Services has developed a new process in assessing the need to have additional checks on completion of the first sift of the redaction process and this has helped to address the backlog.

The report gave an update on the number of Subject Access Requests and Sar Reviews received, the number of FOI requests, Environmental Information Reviews and DPO reviews received, the number of data breaches reported across the different departments, Police Disclosures,  information on complaints and assurances from the ICO and training non-compliance. It was reported that ‘core training for Councillors had increased to 54.9%.

Members were given the opportunity to ask questions and make comments and the following points were raised:

·         Councillor McBriar refereed to data breaches and emails sent to wrong addresses and asked about members sending emails to wrong addresses and whether this was reported.

Jacqui explained that Members were there own data controllers so it was up to them to decide whether to report a breach. All staff were required to report breaches and it was seen as positive to do so.

·         Councillor Berry referred to the numbers of SARs that were received and how much this cost the council in money and in time.

The Monitoring Officer responded to Councillor Berry’s question and advised that she could provide information on the number of SARs to the Chair, but that no information was collected on the time undertaken as it would be too time- consuming, which Councillor Berry accepted.

It was agreed:

That the Audit Committee notes the performance set out from January to June 2024.