Agenda item

Report of the Deputy Chief Executive (Place)

The Committee considered a report of the Deputy Chief Executive (Place) that the City Council adopted its Information Management Strategy in March 2016. The Strategy recognised that information was one of the Council’s greatest assets and its correct and effective usage was a major responsibility and essential to the successful delivery of the Council’s priorities. Since the introduction of the Strategy, the Council had put a range of measures in place to embed effective information governance throughout the organisation.

The implementation of the Information Management Strategy was a key step in helping the City Council to prepare for the implementation of the General Data Protection Regulation which came into force in May 2018 and introduced the most significant change in data protection legislation in 20 years. The GDPR strengthened the rights of individuals and reflected the significant technological changes that had taken place over the last 20 years since the Data Protection Act legislation was introduced in 1998. The GDPR had been written into UK law and the new Data Protection Act 2018 also came into force in May 2018.

Data protection legislation set out the requirements on public organisations to manage information assets appropriately and how they should respond to requests for information. The Information Commissioner’s Office (ICO) was the UK’s independent supervisory authority set up to uphold information rights in the public interest, promote openness by public bodies and data privacy for individuals and monitors compliance with legislation.

The report set out how the Council performed during 2017/18 in responding to requests for information received under the Freedom of Information Act, Environmental Information Regulations and Data Protection Act, the completion rate, outcome of internal reviews and complaints made to the ICO. It also reported on the management of data protection security incidents reported, data protection training, preparations for the introduction of the General Data Protection Regulations and the follow up to the ICO Audit of the Council’s data protection arrangements which took place during the year.   

The Committee discussed the importance of high standards of information governance and the major responsibility that the Council had in protecting and using the information in compliance with legal requirements. Acknowledging that 96% of employees had now completed Data Protection Training, the Committee agreed that a letter be sent to all Elected Members from the Chair of the Audit and Procurement Committee, on the arrangements for Elected Member Training and proposed workshops to support them in understanding the requirements of the General Data Protection Regulations and the Data Protection Act 2018.

The Committee were encouraged by the improvement in responses to FOIA/EIR requests within the target time of 20 working days to 73% in 2017/2018 compared to 68% in 2016/2017. However, they expressed their concerns that the Council remained below the 90% response level required by the ICO and discussed the implications of not meeting that requirement. The Committee agreed to receive a half-year Information Governance Progress report and asked that this be added to the Work programme accordingly.

RESOLVED that the Audit and procurement Committee:

1)  Notes the Council’s performance on Freedom of Information, Subject Access and other Data Protection Act requests, including the outcomes of internal reviews and the number and outcome of complaints made to the ICO.

2)  Notes the reporting and management of data security incidents.

3)  Notes the Data Protection training compliance for employees.

4)  Notes the Data protection training arrangements for Members, including any requirements

5)  Did not have any comments or recommendations to make to the Cabinet Member for Policy and Leadership.

6)  Agrees that a half-year progress report be submitted to the Committee.