Decision details

Information Governance Annual Update

Decision status: Recommendations Approved

Is Key decision?: No

Is subject to call in?: No

Decisions:

The Group Information Manager and Deputy Data Protection Officer presented a report which provided an update on the Council’s activities and compliance in respect of the Data Protection Act (DPA) 2018, Environmental Information Regulation (EIR) and Freedom of Information (FOI) requirements during the previous 12 months (October to September).

 

Members noted that during analysis of the requests there was a continued increased use of Information regulations by “social action groups” and “media organisations” to obtain information. 753 requests had been made to the Council, which was a slight increase on the previous year. Of those requests, 47 were for information relating to the Environment, or environmental matters such as biodiversity, planning and flooding, etc. Exemptions had been applied to disclosures, where necessary, and in most cases after a public interest test. Only 99 requests had some form of exemption applied, the majority being in respect of personal data or where the information was already available. Advice had been provided on 276 occasions, demonstrating proactive engagement. The percentage of responses within statutory deadlines was 98%, which was above the ICO’s “good” threshold of 95% on time.

 

In respect of Data Protection, there was an ongoing process where the use of data and changes to processes were assessed for compliance with the Data Protection Legislation. There had been 48 data incidents reported, which was a low volume given the number of transactions processed by the Council.

 

Councillor Chris Mountain referred to the number of data protection incidents and requested an example of what they referred to. The Group Information Manager and Deputy Data Protection Officer advised that some examples included letters being sent to an incorrect address and emails containing personal data being sent mistakenly to another member of staff.

 

Councillor Paul Gleeson referred to the FOI requests and queried whether the amount of time being spent on the requests was being recorded and requested that, if not, an estimated figure over the period of a month be provided. The Group Information Manager and Deputy Data Protection Officer advised that he would look into the possibility of providing some data to the Committee.

 

Councillor James Cantwell queried whether surveys were used following responses to requests. The Group Information Manager and Deputy Data Protection Officer advised surveys were not used. He added that many requests came from large organisations and anonymous websites, and that the survey results may not provide value.

 

Councillor Mike Gilbert referred to the redaction of information for law enforcement reasons and queried whether the information would fall under the heading of FOI requests or whether they would fall under quasi-judicial or civil enforcement. The Group Information Manager and Deputy Data Protection Officer clarified that the redaction on the basis of law enforcement was because releasing the information would prejudice a law enforcement activity that the Authority had. He advised that the FOI Act was for any recorded information held by the Council.

 

Councillor Gleeson requested a breakdown on the number of national and local requests.

 

Gideon Hall praised officers for their work. Adam Cartwright referred to the requests where responses were made outside of the deadline and queried whether there were any common factors. The Group Information Manager and Deputy Data Protection Officer advised that they were potentially late as a result of collating information from different teams within the authority which was an onerous task.

 

Councillor Mountain queried the possibility of recording late responses in order to identify any factors and trends. The Group Information Manager and Deputy Data Protection Officer agreed to provide the information.

 

Councillor Dani requested information in respect of any incidents where information had been passed on to a third party and how the Council had dealt with such matters. The Group Information Manager and Deputy Data Protection Officer confirmed that he was aware of some incidents and agreed to collate and provide the information to members following the meeting. He advised members that in most cases the Council would have requested that the information be returned or destroyed and that confirmation be provided. A risk assessment would then have been undertaken to confirm whether the data owner or the ICO would need to be informed. He added that no notifications had been made to the ICO that year.

 

On behalf of the Committee the Chairman praised the hard work carried out by officers.

 

RESOLVED:

 

That the report be noted.

 

Publication date: 10/01/2025

Date of decision: 18/11/2024

Decided at meeting: 18/11/2024 - Audit & Governance Committee
