Agenda item

Report of the Executive Director of Resources

(Note: Councillor Duggins, Cabinet Member for Policy and Leadership, has been invited to attend the meeting for the consideration of this item.)

Further to Minute 36/16, the Committee considered a report of the Executive Director of Resources concerning further progress with the action plans developed to improve the Council’s information management arrangements. Details of the progress made was set out in appendices attached to the report. Councillor Duggins, Cabinet Member for Policy and Leadership attended the meeting for the consideration of this item and spoke in support of the progress that had been made. 

The report referred to the audits undertaken by the Information Commissioner’s Office (ICO) in relation to the Council’s data protection arrangements and In-form Consult (IFC) in relation to Information Governance generally. Arising from the audits findings, action plans were developed to implement the recommended actions for improvements to be made.

At the Committee’s meeting on 24^th October the update given on progress reported that out of 77 actions from the ICO recommendations, 48 had been completed, 27 were in progress and 4 were yet to begin. The Committee were informed that all the 27 actions labelled as ‘in progress’ had now been completed. In completing these actions, some further opportunities had been identified to improve data sharing agreements and the Information Governance Team were continuing to work on reviewing existing agreements.

The Committee noted that three of the four actions which had not yet begun at the time of the last update had now been completed and had been signed off by the Information Management Strategy Group. These actions related predominantly to the Council’s Information Risk approach and included the compilation of an Information Risk Policy and Register. It was proposed that a seminar was scheduled for the Committee to consider the information risk approach.

The final action related to the review of the Coventry Information Sharing Protocol. This action had now been superseded by individual Data Sharing Agreements. Should a new protocol be required, it could be shorter and less specific, but complemented by specific data sharing agreements with partners.

The Committee also noted that the process for recruiting a permanent Records Manager was underway and it was anticipated that interviews would take place in early March, 2017.

Further work had been completed to ensure that information assets were logged on the information asset register, with information asset owners being identified. Training, support and guidance had been prepared for officers undertaking this role. In addition, responsibilities for all staff had been enforced with a new online Information Governance Handbook and a revised Data Protection E-Learning course, which was to be completed by all staff on an annual basis. Since the November launch, 1487 employees had completed the course and a targeted communications plan was in place to ensure the remaining staff complete the course. The Committee noted the intention to report the completion statistics at future meetings on an annual basis.

With all 77 recommendations from the ICO now complete, the Information Management Strategy Group anticipated that a significantly improved level of assurance would be received from the ICO at the point of their follow-up visit. Also the Council now had a solid platform on which to build its approach to information management as covered by the Information Management strategy.

The Committee asked about the plans for internal audit to review the progress made and enquired about the ‘golden’ record for addresses and customers. Members discussed the issue of having more effective safeguarding of children through improved data sharing between different public agencies. Concerns were raised since it was felt that this issue had already been addressed. It was clarified that sharing of data in relation to safeguarding would be looked at as part of the internal audit. 

RESOLVED that:

1.  The progress to date against the ICO action plan be noted.

2.  Officers be requested to schedule a seminar for members of the Audit and Procurement Committee to cover the Information Risk approach in more detail.

3.  Officers be requested to report on the completion of mandatory training to the Committee on an annual basis.

4.  A glossary of terms detailing acronyms to be included in any future Information Management Strategy reports.

5.  The concerns raised about the sharing of information between partner organisations relating to Safeguarding issues be considered during the forthcoming internal audit.