The IT Service Director will submit a report providing an update of the Information Commissioners Office audit.
The IT Service Director submitted a report providing an update of the Information Commissioners Office (ICO) Audit.
As previously reported, the ICO had made significant recognition of the strong leadership and good practice that the Council had embedded. In particular they had cited the excellent online training provision, comprehensive case management system for processing Freedom of Information Act requests and Shortwood had been identified as having a very well established processes for managing paper records. A number of issues had, however, been highlighted for further improvement and a number of recommendations were made for the Council to act upon which were of a medium or low priority.
In relation to the progress of the ICO Action Plan, there were 8 urgent priority, 21 high priority, 57 medium priority and 24 low priority recommendations. The implementation timetable agreed by the ICO was for all recommendations to be completed by 2020 which was because some were highly complex in nature and the report outlined the progress made to 31st March, 2018.
Whilst it had been anticipated that 48 recommendations would have been completed between December 2017 and March 2018, 33 remained incomplete and 11 were ongoing. The reasons for this were outlined and related to staffing changes and the complexity of the issues involved which meant that the original timescales had been unrealistic. Revised implementation dates had been agreed.
The ICO was due to request the updated action plan around September 2018 and the follow up audit would be a desk based review using the updated action plan and other supporting evidence. The next internal review would be presented to the Information Governance Board on the 8th May, 2018.
In the ensuing discussion particular reference was made to the following:
· In response to specific questioning reference was made to the document retention policy which detailed the timescales for which information could be kept.
· Reference was made to the overall audit opinion for the Council and the reasonable level of assurance in relation to Data Protection Compliance and to Records Management, Training and Awareness and Freedom of Information Act queries. Members of the Committee were reminded that the ICO had largely been complementary of the Councils arrangements and compliance with legislation
· There was a discussion of the potential conflict between the retention/disposal of personal information and the retention of archives for future use
(i) that Ms S Hydon (Head of IT Service Management) be thanked for attending the meeting and for answering Members questions; and
(ii) that the report be received and the progress made in addressing the issues arising from the ICO audit be noted.