Minutes:
Becky Scott, Legal and Democratic Services Manager:
a) presented an update regarding information management within the Council
b) outlined progress in further detail in relation to information management covering the following main topic areas:
· Training Programme
· Information Governance Officer Progress
· Information Governance Action Plan Progress
· Information Governance Management Plan
· Breaches
· Information Asset Owner (IAO) Handbook
· Strategy and Policies
· Annual Governance Statement Status
· Vision 2020
c) highlighted that the roll-out of officer training was now 62% complete and would hopefully be fully implemented by December 2017, with an E-Learning module available for staff ‘on-line’
d) stated that an all member training session had taken place on 11 July 2017
e) outlined actions required within the Information Governance Action Plan as detailed at Appendix A to the report
f) confirmed that a Designated Data Protection Officer must be resourced by the authority and be in place by May 2018 to comply with the law
g) requested members’ feedback on the content of the report.
Members discussed the content of the report in further detail, raising concerns in relation to:
· The need for refresher training on information management.
  There was an aspiration for regular refresher tests to be conducted and monitored once training was fully completed.
· Checks required to ensure information passed on to third parties was deleted once it was no longer needed, to avoid data protection leaks.
  Data Sharing Agreements were in place which incorporated processing/security checks to ensure data was dealt with properly. Contractual arrangements with third parties were subjected to strict control requirements in relation to compliance with the Data Protection framework.
· Whether follow-up checks were made with other organisations to ensure third party data was secure.
  Record retention and disposal was followed up through our IT officers. Further group discussions on this matter would be reinforced.
· Whether all officers should be asked to work from iPads to reduce the risk to data security for people working from home.
  There was an issue with the cost of relying on iPads. In addition, data removed from City Hall would need to be scanned and security coded. One of the major messages for information management in the Council was how to control data taken ‘off site’.
· Why a full time Data Protection Officer was not already in place.
  This request had been forwarded to Assistant Director Group for consideration. Aspirations for a more rapid solution would be sought through discussions with the Chief Executive.
Members supported the work being completed by officers in relation to information governance, which was impacted upon by the General Data Protection Regulation coming into force in May 2018.
Members noted that a Data Protection Officer (DPO) must be resourced by the authority and be in place by May 2018 to comply with the law. Audit Committee must accept responsibility for having a robust solution in place to establish/recruit to this post by this date to lead on data protection matters.
RESOLVED that:
1. Members’ support for officers and recognition of the importance of the ongoing information governance work/training in relation to forthcoming data protection legislation be noted.
2. A further update on progress be presented to Audit Committee at its meeting to be held on 12 December 2017, to incorporate an update on the DPO position.
3. The content of the officer’s report including progress with training programmes and action plans be noted.