The Corporate Insight, Communities and Governance Manager and the Senior Information Governance Officer introduced their report providing performance data on the management of information governance to ensure corporate oversight and minimise risk to the Council.

The Corporate Insight, Communities and Governance Manager explained that:

·  Last year she had provided details of a restructure within her team, the aim of which was to combine and fully resource all the information governance functions within the Council.  This encompassed the complaints process, logging and responding to information requests (Freedom of Information (FOI) and Environmental Information Regulation (EIR)), data protection, records management and correspondence with Members of Parliament.

·  The annual complaints and data protection reports, previously presented to the Committee separately, had been combined and the scope widened to provide Members with a clearer overview across the Council of the volume of work, performance and trends.  The report also provided details of national changes of note in data protection, the Local Government Ombudsman’s Annual Report and progress against the Data Protection Action Plan.

·  As part of the new structure, a Senior Information Governance Officer had been appointed.

The Senior Information Governance Officer advised the Committee that:

·  The report included a summary of the work completed by the Information Governance Team predominantly focussing on the past year but looking at historic data too.

·  467 FOI and 434 EIR requests were received in 2021/22.

679 stage 1 complaints were received in 2021/22, fewer than the number recorded during the year preceding the pandemic.

The total number of data incidents reported in 2021/22 was 29.  Of these 26 were found to be data breaches after investigation but the majority of these were low to no risk.

·  The Information Governance Annual Report 2021/22 included details of the work, volume and types of requests processed by the Information Governance team.  This included historical data to provide context and demonstrate trends.

·  Performance remained consistent within the team, typically falling within the 10% tolerance for all its targets.

·  The annual report from the Local Government Ombudsman (LGO) provided insight about the Council’s approach to complaints.  Only 6 complaints were fully investigated by the LGO.  This represented 0.009% of the overall number of complaints in 2021/22 and the Council was required to take further action in respect of 4 of these 6 cases.

·  Progress against the Data Protection Action Plan was positive.  The number of actions completed had increased over the past year and the remaining open actions had been reassigned with revised timelines to ensure that they are completed within the next year.

In response to questions, the Officers explained that:

·  No updates had been received as to when the Data Protection and Digital Information Bill might become an Act.  It was understood that it was the intention to make changes to the terminology, but processes would remain the same.  Some requirements had been lessened particularly for small businesses, but this would not impact upon the Council on a day-to-day basis.

·  4 of the 6 complaints fully investigated by the LGO were upheld (67%).  However, 6 complaints represented only 0.009% of the overall number of complaints (679) in 2021/22.  The complaints received, particularly at stage 2, were reviewed continuously in an attempt to resolve them, but sometimes there was a difference of opinion about what would be an acceptable outcome.

·  The number of complaints about household waste (refuse, recycling, garden etc.) varied throughout the year.  The number of people working at home both during and after the pandemic had impacted on access to properties.  It would be useful in future reports to include trend and theme analysis.

·  Details of the one high risk data breach in 2021/22 would be circulated to the Committee.

·  Every complaint was taken seriously and there was a robust complaints procedure in place.  Details of the 4 complaints upheld by the LGO, the services and the remedies required, would be circulated to the Committee.  Any such details would be included in future reports to the Committee.

·  Consideration would be given to how the report is structured and presented in future to assist Members.

·  Consideration would be given to prioritisation of and a timeline for the development of an Information Risk Register.

RESOLVED:  That subject to the points raised in the discussion, the report be noted.