Agenda item

The Service Director Customer, Information and Digital Service will submit a report providing information on the final data protection audit outcomes and giving details of the progress made against each of the recommendations of the Information Commissioner following the consensual audit undertaken in October 2017.

The Service Director Customer, Information and Digital Service submitted a report providing information on the final data protection audit outcomes and giving details of the progress made against each of the recommendations of the Information Commissioner following the consensual audit undertaken in October, 2017.

The Committee was reminded that the audit had focussed on three areas, namely, training and awareness, records management and Freedom of Information processes.  A follow up review had been planned for the 24^th September, 2018 but this had been delayed at the request of the Information Commissioner’s Office until October, 2018.  Due to the excellent progress made, however, the Council had continued its commitment to have the process completed by the end of September as planned and, therefore, it would be submitted on the 21^st September, 2018.

Of the 108 recommendations made:

·         Training and awareness – all 25 recommendations had been completed

·         Records management – 40 out of the 48 recommendations were complete

·         Freedom of Information – 27 of the 35 recommendations were complete (it was noted that 5 of the recommendations had been rejected by the Council as they were not reflective of the Council’s processes or procedures.

Ms Hydon reported on the reasons for the delay in completing the recommendations which largely related to the scale of work required, the need to change processes and procedures across the Council as well as the introduction of new systems such as SharePoint.  An internal pre audit was due to be completed next week and in relation to records management, it was noted that the ICT systems policy was in the final stages of preparation.

In the ensuing discussion reference was made to the following:

·         In response to questioning, reference was made to the arrangements for dealing with Freedom of Information Act requests and to the discussions undertaken on occasions to try to ensure that information could be provided in a way which did not breach the ‘time’ threshold

·         Arising out of the above,

o   there was a discussion of the ways in which charges could be levied in relation to FOI requests and to the Authority’s stance on this

o   information was provided on the types of ‘recurrent’ FOI requests that were received

·         Of the outstanding recommendations for Records Management, 5 were in the ‘urgent’ category and these had been delayed because of the need to introduce new systems such as SharePoint.  Work had started on this but it was anticipated that this would not be complete until around 2020.  The new systems would give a better coherence around the collection and storage of electronic data

RESOLVED:

(i)            that Ms S Hydon Head of IT (Service Management) be thanked for attending the meeting and for answering Members questions; and

(ii)          that the report be received and the progress made in addressing the issues arising from the ICO audit be noted.