Agenda item

The Head of IT (Service Management) will make a presentation on the current and future work of her service.

The Head of IT (Service Management) made a presentation on the current and future work of her service.

Her presentation included:

·         A ‘look back’ at 2018/19 with particular reference to the rise in the number of incidents reported, the work with the Data Protection Officer, his report and Internal Audit Assurance

·         Current education and communications including E-learning programmes for staff and for Elected Members, the use of the weekly newsletter ‘Straight Talk’ as well as various other blogs and a recent phishing campaign

·         Looking forward, the Service had purchased MetaCompliance software which was a policy management, awareness and training platform that ensured policies were understood and that employees were engaged.  It also automated, delivered and managed the education lifestyle. 

·         The Committee also viewed a video which outlined the purpose of this software and how it would be used within the Council

·         The benefits of this were as follows:

o   It provided bite-sized education in different formats and at various intervals

o   It was graphically engaging

o   It provided knowledge assessments (or agreements)

o   It increased knowledge of current threats and risks

o   It could be used to target specific groups of users and avoid the current ‘one size fits all’ approach

o   It used intelligence to inform future training and communications

·         Information was provided about the specific support to be provided to Elected Members and which had been developed alongside Leeds City Council.

In the ensuing discussion particular reference was made to the following:

·         The outcome of a recent phishing campaign and the action taken to ensure that the small number of staff who had not identified this as a phishing attempt received additional training

·         The reasons for the increase in the number of data breaches and the action taken to address these issues.  Arising out of this discussion, reference was made to the arrangements for reporting serious data breaches to the Information Commissioners Office (ICO).  It was noted that the Authority took a proactive, transparent and open approach to informing the ICO of such breaches and in seeking advice.  It was noted that over the last three years only a very small number of cases had been referred for investigated but the open approach of the Authority had probably been taken into account when these cases had been considered and no major errors had been identified that required substantial remedial action

·         Information was provided about the disposal arrangements for both paper and electronic records 

RESOLVED that Ms S Hydon be thanked for a most informative presentation.