Agenda item

Information Governance Annual Report

Meeting of Audit and Standards Committee, Thursday 19 December 2019 4.30 pm (Item 6.)

Report of the Director of Business Change and Information Solutions.

Minutes:

6.1	Mark Jones, Senior Information Management Officer, attended the meeting and presented the report.
6.2	The report included the Annual Information Governance Report for 2018/19 and provided a brief update to the key information governance activities carried out since April 2019. Information governance was an umbrella term which included data protection, freedom of information and subject access requests etc.
6.3	So far in 2019/20, the Council had handled 230 Data Protection Subject Access Requests and it was explained that the number of requests had increased and performance had improved and stabilised. 1198 Freedom of Information Act and Environmental Information Regulations requests had been handled and the performance target was being met.
6.4	138 information security incidents had taken place, which was equivalent to 17 per month. This was lower than last year and it should be noted that in an organisation the size of Sheffield City Council, with the number of processes, employees, partner agencies, systems and customers, it was not possible to eliminate incidents. However, appropriate measures were taken to minimise risks when handling information. Staff were encouraged to report incidents as they occurred and to learn from any mistakes. Only three incidents had been referred to the Information Commissioners Office (ICO), all of which were now closed with only minor recommendations.
6.5	62% of staff had now completed the essential learning and a talked course was now on offer which gave an opportunity to ask questions.
6.6	The Council needed to be open and transparent, but sometimes unnecessary information would become a risk. The Council should look at the information that was kept and work towards compliance.
6.7	Councillor Paszek asked whether there had been any breaches that had resulted in identity theft. Mark Jones stated that he was not aware of any identity theft from breaches and there was guidance available for the redaction of documents if needed.
6.8	Councillor Argenzio asked how it could be ensured that staff attended the appropriate training and noted that Councillors also needed training on how to keep data secure and cyber essentials. Mark Jones explained that the training had been formulated with Human Resources Learning and Development and more details were available on the intranet. There was a need to ensure that the training was right. The ICO had the power to force the Council to be compliant and individuals also had the right to make a claim.
6.9	Gillian Duckworth explained that manager compliance was an issue in the Annual Governance Statement and there was a need to ensure that the training was fair and reasonable and the content recent and relevant. A lot of effort was being put into the development of managers within the Council. Openness and transparency, along with document management and engagement with customers was also being worked on.
6.10	RESOLVED: That the report be noted and an annual report be presented in future.

Supporting documents:

Audit Standards Committee - Information Governance Report - 19-12-2019, item 6. PDF 486 KB
Appendix A - Information Governance Annual Report 2018-19, item 6. PDF 422 KB
Appendix B - Information Governance Framework (2019), item 6. PDF 535 KB
Appendix C - Information Asset Owners Brief to Directors Group (2019), item 6. PDF 80 KB