Agenda item

7.1

The Committee considered a report of the Interim Director of Legal and Governance.

7.2

The Senior Information Management Officer and Data Protection Officer, Sarah Green, explained that the report had been presented to give an overview of the information governance arrangements and performance at the Council for the last financial year. It was added that the pandemic had caused huge disruption to Council services during that time.

7.3

In 2021/22, the Council handled 446 Subject Access Requests (SAR) and answered 228in time. The overall SAR performance figure for 2021/22 was 51.1%.

7.4

The Information Commissioner’s Office (ICO) had contacted the Council on 15 separate occasions arising from complaints by data subjects concerning SARs in 2021/22. The majority of the cases concerned situations where individuals complained to the ICO that they were not provided with the information to which they were entitled, within the statutory timeframe.

7.5

In 2021/22 the Council received 1691 Freedom of Information (FOI) and Environmental Information (EIR) requests and answered 75.9% in time. The compliance rate had improved from the previous year and this was an ongoing trend.

7.6

The ICO had contacted the Council on 17 separate concerning FOI and EIR requests in 2021/22. Of these cases, 13 were in relation to late information requests.

7.7

In 2021/22, 324 incidents were logged through the Council’s information security incident process. 108 of these incidents were classed as personal data breaches. Most of these breaches involved customer personal data, and were caused by human error with emails or post being delivered to the wrong person. Of these breaches, 6 were considered to meet the risk threshold and were reported to the ICO.

7.8

The Senior Information Management Officer and Data Protection Officer, informed the Committee that the Council’s GDPR and Information security training was compulsory for all Council employees, and that this training was completed on an annual basis. In 2021/22 91.3% of Council employees completed their training.

7.9

Members of the Committee asked questions and the following responses were provided: -

7.10

The Senior Information Management Officer and Data Protection Officer believed the Council had a robust process for dealing with lost or stolen hardware. She explained that if a piece of hardware was either lost or stolen, then initially it would be reported internally through a ticketing system. It would then go to the Council’s information management system and IT where they could immediately shut down that piece of equipment. Information Management Officers would also ask for confirmation that stolen hardware had been reported to the Police and ask for the incident number.

7.11

The Senior Information Management Officer and Data Protection Officer, explained that the Council reported to the ICO based on a risk assessment. If a breach was considered of high impact, then the ICO would be contacted. If the ICO contacted the Council about an incident, the organisation would investigate that incident and provide a full report to the ICO.

7.12

The Senior Information Management Officer and Data Protection Officer recognised that whilst the Council published certain information on its website and open data sites, there was work taking place to publish even more and stated that the Council was committed to open data, to support its transparency agenda. It was added that the Council would look to publish more data, following the pandemic, for the Council’s customers to view.

7.13

The Senior Information Management Officer and Data Protection Officer informed the Committee that this year’s compliance rates were good and heading the right direction. Processes were in place to get compliance back up the excellent compliance expected of the Council.

7.14

The Senior Information Management Officer and Data Protection Officer explained that it was the responsibility of every Officer to respond to requests for information from FOI’s and SAR’s.

7.15

The Senior Information Management Officer and Data Protection Officer mentioned that the Council was in a similar position to many authorities and that the pandemic and working from home had been challenging and had affected many authorities.

7.16

RESOLVED: That the Committee notes the information governance annual update.