Agenda item

Information Governance Annual Report

Minutes:

Consideration was given to an update and annual report presented by Paul Vessey, Head of Information Management, on the Council’s compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).

 

Since the last report submitted on 26th November, 2020 (Minute No. 44 refers), all outstanding tasks had been completed and all required policies and processes for compliance with GDPR and DPA were now in place and embedded within the organisation.  It was now the responsibility of all Directorates and Service areas to comply with the Council’s Data Protection policies and procedures.

 

Monitoring of the Council’s compliance with GDPR and DPA was carried out by the Corporate Information Governance Group (CIGG) which had representatives from all Directorates and Chaired by the Council’s Senior Information Risk Officer.  Any risks were monitored on a regular basis by the Group with risks and actions logged and reviewed at CIGG meetings and, if necessary, escalated in line with the Council’s risk management processes.

 

The key issues were:-

 

-        Maintain compliance

Compliance with Data Protection principles was a continuous project

CIGG fulfilled a core function in monitoring and overseeing information risks

Regularly monitored the effectiveness of the Council’s Data Protection Policies and each Directorate’s Information Governance and Data Protection processes

 

-        Raised awareness of Data Protection

The Council had received a 75% increase  in the volume of validated Information Right of Access Requests (RoARs) in the 2018/19 financial year

This had coincided with increased national media coverage of GDPR and Data Protection and was reasonable to suggest that this rise was partly attributable to greater public awareness of information rights

 

The trend had been monitored – the validated number of RoARs for 2019/20 was 188, a further increase of 10% on 2018/19

 

-        Monitor performance of Freedom of Information (FOI) and Right of Access requests

Completion ‘in time’ of validated Right of Access Requests had continued to improve despite an increase in the overall volume of enquiries

Performance was below the 100% completion target within the statutory time limits due to the large number of RoARs that were complex in nature involving large volumes of historical data, Children’s Services and often linked to CSE

Slight decrease in completed ‘in time’ Freedom of Information Requests and a reduction in volume.  Analysis of the data did not raise any significant concerns and was mainly due to a poor month’s performance that could not be overcome during the rest of the year’s performance

 

Performance would continue to be closely monitored with the focus on improvement.

 

Discussion ensued with the following issues raised/clarified:-

 

·        Very low number of FOI’s refused for not meeting the criteria

·        Internal Audit had been requested to look at the processes for possible enhancements to improve what was currently in place

·        It was the Authority’s public duty to provide the information it held if no valid reason to withhold

 

Resolved:-  (1)  That the General Data Protection Regulation annual report 2019/20 be noted.

 

(2)  That the legal requirement of the Council continuing its maintenance of its Information Governance policies and processes in compliance with legislation be noted.

Supporting documents: