Skip to content

Agenda and minutes

Venue: To be held at the Town Hall, Pinstone Street, Sheffield, S1 2HH

Contact: Sarah Cottam, Democratic Services  Email: sarah.cottam@sheffield.gov.uk

Items
No. Item

1.

Apologies for Absence

Minutes:

1.1

Apologies for absence were received from Councillors Pat Midgley and Alan Law and from Lynda Hinxman (Co-Opted Member).

 

2.

Exclusion of the Press and Public

To identify items where resolutions may be moved to exclude the press and public.

Minutes:

2.1

No items were identified where it was proposed to exclude the public and press.

 

3.

Declarations of Interest pdf icon PDF 88 KB

Members to declare any interests they have in the business to be considered at the meeting.

Minutes:

3.1

There were no declarations of interest.

 

4.

Minutes of Previous Meeting pdf icon PDF 131 KB

To approve the minutes of the meeting of the Committee held on 26 July 2018.

Minutes:

4.1

The minutes of the previous meeting of the Committee held on 26 July 2018 were approved as a correct record.

 

5.

Annual Internal Audit Opinion Report pdf icon PDF 832 KB

Report of the Senior Finance Manager.

Minutes:

5.1

The Senior Finance Manager, Internal Audit, submitted a report highlighting to Members the work that had been undertaken by Internal Audit during the year and supporting the Council’s Annual Governance Statement (AGS).

 

 

5.2

Kayleigh Inman, Senior Finance Manager, Internal Audit reported that there had been 15 audit assignments considered as high opinion for this year compared to 14 last year. All high opinion audits had been reported to the Committee and were subject to follow up. There had been an improvement in the implementation of actions required. She added that it was inevitable for such a big organisation that there may be some failures in controls but she was confident that the control, governance and risk management framework was robust.

 

 

5.3

Kayleigh Inman added that a work programme for the team was developed on an annual basis and was compiled on a risk assessment basis. Some routine audits were undertaken including school visits. Audits could cover any activity the Council was involved in.

 

 

5.4

In response to a question from a Member regarding the use of the Council’s Credit Card, Kayleigh Inman stated that this was routinely audited but that checks on this should be undertaken by management.

 

 

5.5

Resolved: That the contents of the report now submitted, and the opinion of the Senior Finance Manager, be noted.

 

6.

Information Management Annual Report pdf icon PDF 334 KB

Report of the Data Protection Officer / Senior Information Management Officer.

Minutes:

6.1

The Senior Information Management Officer submitted a report providing an update on the Council’s position in preparing for and complying with the General Data Protection Regulations and the Data Protection Act 2018, both of which came into effect on 25 May 2018, the latter replacing the Data Protection Act 1998.

 

 

6.2

Mark Jones, Senior Information Management Officer, commented that the priority was to ensure compliance across the Council, but in particular in the higher risk areas that process large amounts of personal and sensitive personal data, for example social care, housing, etc.  The Information Management Team had, and continues, to work with representatives across the portfolios to provide advice and guidance to the work required, but is reliant on staff to assist with compliance. The team are attempting to embed compliance within the organisation through the business strategy teams.

 

 

6.3

Mark Jones further commented that he was aware there were still some data protection issues within the organisation, which the team were working to resolve. If an employee or a manager became aware of an issue they should report it to the Information Management team to help improve or resolve the situation as quickly as possible. 

 

 

6.4

In response to a question from a Member regarding risk, Mark Jones commented that risks of non-compliance were high and the Information Commissioner’s Office (ICO) could issue fines of up to £20m for non-compliance to data protection. However, the ICO had confirmed the new data protection laws were the start of a new beginning and accepted organisations may not be compliant by May 25th, but need to be working towards compliance and being able to demonstrate so.  The ICO has a range of enforcement powers, which include fines, but fines have generally been confined to incidents involving personal data breaches.

 

 

6.5

In respect of IT, Mark Jones confirmed that work was still being carried out to identify where personal data was being held.  Individual services are responsible for managing personal data in accordance with the law and the Information Management team is not yet confident it has clear visibility where all this information is held.  Work is ongoing to identify what personal data is held and where and to identify any potential non-compliance issues, for instance if personal data cannot be deleted because system or software limitations. If a partner organisation of the Council failed to comply with the regulations they may be liable rather than the Council.

 

 

6.6

Regarding contractors, Mark Jones commented that the Information Management team is working with Procurement Services to help ensure appropriate clauses and documentation are in place when personal data is being processed as part of a contract, for example Data Processor Agreements. He was hoping that by Christmas, processes would be in place to help ensure compliance from contractors.

 

 

6.7

In response to a question from a Member, Mark Jones commented that there were pockets of non-compliance evident in many organisations particularly organisations the size of the Council.  Subject Access requests were  ...  view the full minutes text for item 6.

7.

Annual Review of the Complaints Procedure pdf icon PDF 126 KB

Report of the Director of Legal and Governance.

Additional documents:

Minutes:

7.1

The Monitoring Officer/Director of Legal and Governance submitted a report outlining revisions to the procedure for dealing with standards complaints. The latest version of the procedure had been approved by this Committee on 16 November 2017 and by Full Council on 6 December 2017. One of the revisions agreed was for the procedure to be reviewed on an annual basis by the Monitoring Officer in consultation with the Independent Persons. While the procedure had been a noticeable improvement on previous versions, some slight revisions were proposed in the light of the complaints considered this year.

 

 

7.2

Gillian Duckworth, Monitoring Officer/Director of Legal and Governance commented that the revisions included extending the timescales for consideration of complaints. This was to give complainants more realistic expectations of the timescale for their complaint to be considered. The other main revision regarded data protection and was designed to be more explicit about what the Council was doing with someone’s personal information.

 

 

7.3

Responding to a question from a Member, Gillian Duckworth commented that the revision in paragraph 11.2 of the procedure to state that personal information would be deleted after 7 years unless ‘we elect to retain it for a longer period in order to comply with our legal and regulatory regulations’ was included in case it was needed such as for an ongoing court case that may last longer than that period.

 

 

7.4

Resolved: That the Committee:-

 

 

 

(a)

recommends to Full Council the adoption of the revised Procedure and that the Constitution be amended accordingly; and

 

 

 

 

(b)

refers the revised Procedure to the Parish and Town Councils for consideration and adoption.

 

8.

Work Programme pdf icon PDF 27 KB

Report of the Director of Legal and Governance.

Minutes:

8.1

The Director of Legal and Governance submitted a report providing details of an outline work programme for the Committee for the period November 2018 – July 2019.

 

 

8.2

Resolved: That:-

 

 

 

(a)

an item be added to the programme on a GDPR update on a date to be agreed;

 

 

 

 

(b)

the meeting scheduled for 15 November 2018 be cancelled;

 

 

 

 

(c)

the Information Management Annual Report be added to the programme for the meeting in January 2019; and

 

 

 

 

(d)

the Standards Annual Report be deferred to a date to be agreed.

 

9.

Dates of Future Meetings

To note that meetings of the Committee will be held at 5.00 p.m. on:-

 

            15 November 2018;

            20 December; (Additional meeting if required);

            24 January 2019;

            21 February (Additional meeting if required);

            21 March (Additional meeting if required);

            18 April;

            13 June;

            25 July.

Minutes:

9.1

It was noted that meetings of the Committee would be held at 5.00 p.m. on:-

 

           20 December 2018 (additional meeting if required)

           24 January 2019

           21 February 2019 (additional meeting if required)

           21 March 2019 (additional meeting if required)

           18 April 2019

           13 June 2019

           25 July 2019