Contact your Parish Council
|
AUDIT, GOVERNANCE AND STANDARDS COMMITTEE |
15 January 2024 |
|
|
|
|
Information Governance Report – Annual Report for 2022-2023 |
|
|
Timetable |
|
|
Meeting |
Date |
|
Wider Leadership Team |
12/12/2023 |
|
Audit Governance and Standards Committee |
15/01/2024 |
|
Will this be a Key Decision? |
No |
|
Urgency |
Not Applicable |
|
Final Decision-Maker |
Audit, Governance and Standards Committee |
|
Lead Head of Service |
Angela Woodhouse Director of Strategy, Insight & Governance |
|
Lead Officer and Report Author |
Anna Collier Insight Communities and Governance Manager and Georgia Harvey Senior Information Governance Officer |
|
Classification |
Public |
|
Wards affected |
All |
|
Executive Summary |
|
The Information Governance Team oversees the management of complaints, compliments, information requests (Freedom of Information (FOI) & Environmental Information Regulation Requests (EIR)), MP correspondence, data protection including subject access requests (SAR), information sharing requests as well as handling data breaches. This report provides performance data on the management of information governance to ensure corporate oversight and minimise risk to the Council. The report also includes details concerning the Ombudsman’s new complaint handling code which will come into effect in April 2024.
|
|
This report makes the following recommendations to this Committee: |
|
To note the report.
|
|
Information Governance Report – Annual Report |
|
|
1. CROSS-CUTTING ISSUES AND IMPLICATIONS
|
Issue |
Implications |
Sign-off |
|
Impact on Corporate Priorities |
The four Strategic Plan objectives are:
· Embracing Growth and Enabling Infrastructure · Safe, Clean and Green · Homes and Communities · A Thriving Place Accepting the recommendations will materially improve the Council’s ability to achieve all corporate priorities. We set out the reasons other choices will be less effective in section 2. |
Anna Collier, Insight Communities and Governance Manager |
|
Cross Cutting Objectives |
The four cross-cutting objectives are:
· Heritage is Respected · Health Inequalities are Addressed and Reduced · Deprivation and Social Mobility is Improved · Biodiversity and Environmental Sustainability is respected
The report recommendation(s) supports the achievement(s) of all cross cutting objectives by ensuring strong information governance practices across the Council. |
Anna Collier, Insight Communities and Governance Manager |
|
Risk Management |
Already covered in the risk section
|
Anna Collier, Insight Communities and Governance Manager |
|
Financial |
The proposals set out in the recommendation are all within already approved budgetary headings and so need no new funding for implementation.
However, the new Code of Complaints Handling could lead to an increase in financial reparations. |
Liza Sedge, Finance Officer |
|
Staffing |
We will deliver the recommendations with our current staffing. |
Anna Collier, Insight Communities and Governance Manager |
|
Legal |
This report provides a review of information governance including complaint handling. There is no statutory duty to report regularly to Committee on the Council’s performance. However, under Section 3 of the Local Government Act 1999 (as amended) a best value authority has a statutory duty to secure continuous improvement in the way in which its functions are exercised having regard to a combination of economy, efficiency and effectiveness. |
Team Leader (Contentious and Corporate Governance) |
|
Information Governance |
The recommendations do not impact personal information (as defined in UK GDPR and Data Protection Act 2018) the Council processes. |
Anna Collier, Insight Communities and Governance Manager |
|
Equalities |
The recommendations do not propose a change in service therefore will not require an equalities impact assessment |
Nicola Toulson, Equalities and Communities Officer |
|
Public Health
|
We recognise that the recommendations will not negatively impact on population health or that of individuals.
|
Shafiqullah Hemat, Senior Public Health Officer |
|
Crime and Disorder |
There are no implications to Crime and Disorder |
Anna Collier, Insight Communities and Governance Manager |
|
Procurement |
There are no implications to Procurement.
|
Anna Collier, Insight Communities and Governance Manager |
|
Biodiversity and Climate Change |
The implications of this report on biodiversity and climate change have been considered and there are no implications on biodiversity and climate change.
|
Anna Collier, Insight Communities and Governance Manager |
1. INTRODUCTION AND BACKGROUND
1.1. The Information Governance Team are responsible for managing:
· The complaints process including unreasonable and unreasonably persistent persons,
· Logging and responding to information requests (also known as Freedom of Information - FOI and Environmental Information Regulation - EIR),
· Data protection (including subject access requests, CCTV requests, data protection impact assessments, data sharing, and records of processing activities),
· Records management, and
· Correspondence with members of parliament.
1.2. Performance data for 2022-2023 for information management can be seen at Appendix 1.
Information Requests
1.3. The term ‘information requests’ covers both Freedom of Information (FOI) and Environmental Information Regulation (EIR).
1.4. The time limits for responding to these requests are set out in statute as 20 working days, subject to qualifying criteria. If the Council doesn’t hold the information requested or doesn’t believe it should be shared, then an exemption (FOI) or exception (EIR) can be applied to all or part of the request.
|
Year |
FOI |
EIR |
Total |
|
2021-2022 |
465 |
434 |
899 |
|
2022-2023 |
579 |
319 |
898 |
1.6. A target of 100% of responses sent on time is set to reflect the requirements by law, however it is highly ambitious. The ICO accept that Councils won’t always achieve this and concentrates its investigations and penalties on those organisations with backlogs. Performance per quarter in 2022-2023 is shown in the grid below. The reduced performance in Q2 is attributed to staff leave over this period, resulting in reduced capacity within the team.
|
|
Q1 |
Q2 |
Q3 |
Q4 |
|
Requests Received |
243 |
202 |
210 |
244 |
|
Response Rate |
90% |
82% |
90% |
96% |
1.7. If the requestor doesn’t agree with the Council’s decision, then they can appeal via internal review, and these are reviewed by Legal Services. The requestor can further complain to the Information Commissioner’s Office (ICO), who will make the ultimate decision.
1.8. The total number of internal review requests received in 2022-2023 was 9. For context the total for 2021-2022 was 15. This decrease is attributed to a change in process implemented during the year, which requires responses to be approved by the Senior Information Governance Officer before being sent.
Complaints
1.9. The Council operates a three stage complaints process:
1. All stage 1 complaints will be investigated by the service manager and responded to within 10 working days.
2. Customers have the right to take the complaint to stage 2 for an independent assessment by the Information Governance Team. The Information Governance team will then undertake an assessment of the complaint, within 5 working days, in order to determine whether a full investigation would be able to add anything to the stage 1 response and/or achieve the desired outcome. If the assessment concludes that further investigation is warranted, then a full response is sent within 20 working days.
3. If, after following our complaints process, customers are still unhappy, they can contact the Local Government and Social Care Ombudsman (LGO), an independent service set up by the Government to investigate complaints about most council matters. The Ombudsman will not investigate complaints until they have been through both stages of the Council’s complaints process.
1.10. The total number of stage 1 complaints received in 2022-2023 was 677. For context the total for 2021-2022 was 681.
1.11. The total number of stage 2 assessments received in 2022-2023 was 144. For context the total for 2021-2022 was 139. The target for stage 2 assessment to be completed within 5 working days is 100%. The on-time completion rate stands at 75% for 2022-2023. This is a decrease from previous year, which was 96%. This decrease, although not quantifiable, is attributed to an increase in more complex queries. To ensure these are addressed additional time is spent seeking and reviewing information in order to make decision about whether to escalate the complaint to a stage 2. The stage 2 assessment looks at whether a full investigation will be able to add anything to the stage 1 response and/or achieve the outcome being sought. Where possible we try to resolve the matter with the service area at stage 2 assessment.
1.12. After completing the stage 2 assessments, a total of 63 complaints were escalated for a full stage 2 investigation. This equates to 9% of all stage 1 complaints. For context the total for 2021-2022 was 95.
1.13. The target of 80% of stage 2 responses sent on time is considered good performance. Last year we achieved this target in Q1 and Q4.
1.14. Household Waste continues to receive the most complaints at both stage 1 and stage 2. The Waste Team provide a service that affects every household in the Borough, so it is expected that this service will receive more complaints that others by nature of its size alone.
1.15. To further understand the cause of household waste complaints, in 2022-2023 we collected and analysed complaints by the type of waste (refuse, recycling, garden etc) and location to better understand the nature of the complaints. The data shows the most common type of waste complaints were general waste (213), garden waste (133). This data will continue to be collected in 2023-2024 and will be used to inform complaint handling.
Local Government and Social Care Ombudsman
1.16. Each year the Local Government and Social Care Ombudsman (LGSO) produces statistics for each local authority showing how many complaints it received, what they were about and how they were resolved. The report provides insight about how we approach to complaints and the findings from the LGSO. The 2022/23 annual letter from the LGSO is enclosed at Appendix 2.
1.17. As a summary, in 2022-2023 the LGSO received 22 complaints for the Council and decided 23 complaints (5 complaints resolved in the year were from 2021-22). Of the complaints received by the LGSO in 2022-2023, 3 are awaiting a final decision. The remaining 18 relate to 2022-2023 and, of these, 14 were closed without our involvement, or knowledge. In total, the LGO upheld 6 complaints against us in 2021-2022 (out of 693) and 3 in 2022-2023 (out of 672). This equates to 0.87% and 0.45% respectively. Further analysis is enclosed at Appendix 3.
New Joint Complaint Handling Code
1.18. The Local Government and Social Care Ombudsman (LGSCO) has developed a Joint Complaint Handling Code with the Housing Ombudsman Service (HOS). The new code will result in changes to our current Complaints Policy and processes, which must take effect from April 2024. More information on the joint code can be seen in Appendix 4, and a summary is provided below along with an assessment of impact for the Council’s processes. Whilst a review of our processes has been undertaken the final version of the code is not due to be released until early 2024 so we will wait to implement to ensure our documentation reflects the latest information. Training for staff on the new complaints process is scheduled for March 2023.
1.19. The proposed key changes to note are:
6.8 If an organisation has got something wrong it must record the complaint as being upheld, even if there are elements of the complaint it has not upheld. It is not appropriate to record a complaint as being partially upheld. – IMPACT: we often have small recommendations on elements of a complaint which are currently recorded as partially upheld, this change may have a negative effect on the number of complaints shown has upheld.
6.9 Where individuals raise additional complaints during the investigation, these must be incorporated into the stage 1 response if they are related, and the stage 1 response has not been issued. Where the stage 1 response has been issued, the new issues are unrelated to the issues already being investigated, or it would unreasonably delay the response, the new issues must be logged as a new complaint. – IMPACT: this removes some of our control in the way we manage our processes and will likely impact our delivery of complaints in time and the volume of complaints.
6.22 If a complaint is upheld at stage 1, and the stage 2 response agrees with those findings, the complaint must be recorded as upheld. This is the case even if the stage 2 response finds no fault in the way the stage 1 complaint was handled. – IMPACT: this will impact how we report complaints and the volume of complaints showing upheld at stage 2, additional analysis and context will need to be completed in our reports to reflect this requirement.
7.2 Any remedy offered must reflect the impact on the individual as a result of any fault identified. – IMPACT: this could result in cost implications, and we will need to review our remedy policy to ensure we fully comply with the guidance.
8.1 a) the annual self-assessment against this Code to ensure their complaint handling policy remains in line with its requirements. – IMPACT: a self-assessment will be required, and this will now be part of annual report.
8.2 The annual complaints performance and service improvement report must be reported to its governing body (or equivalent) and published on the section of its website relating to complaints. The governing body’s response to the report must be published alongside this. – IMPACT: we will review where this will be reported once we have additional guidance from the LGSO and make appropriate amendments to our constitution.
8.3 Organisations must also carry out a self-assessment following a significant restructure, merger and/or change in procedures. – IMPACT: review with the Head of Human Resources to identify any change required to policies and processes and reporting for the annual self-assessment.
9.5 In addition to this a member of the governing body (or equivalent) must be appointed to have lead responsibility for complaints to support a positive complaint handling culture. This person is referred to as the Member Responsible for Complaints (The Member). – IMPACT: This would be the Cabinet Member for Corporate Services.
9.7 As a minimum, the Member and the governing body (or equivalent) must receive:
a) regular updates on the volume, categories, and outcomes of complaints, alongside complaint handling performance.
b) regular reviews of issues and trends arising from complaint handling; and
c) the annual complaints performance and service improvement report.
- IMPACT: we will review where this will be reported once we have additional guidance from the LGSO and make appropriate amendments to our constitution. Performance reporting will probably need to increase to quarterly.
Compliments
1.20. The Council records compliments received from members of the public.
1.21. The total number of compliments received in 2022-2023 was 42. For context the total for 2021-2022 was 61. The department with the highest number of recorded compliments was Waste, with 25.
Data Incidents
1.22. A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
1.23. All potential breaches are investigated by the Information Governance team and must be completed within 72 hours in case they need to be reported to the ICO. All breaches are signed off by the Data Protection Officer or Deputy Data Protection Officer and are reported to the Information Management Group, which meets quarterly.
1.24. The total number of data incidents reported in 2022-2023 was 53. This is an 83% increase from the previous year, where 29 data incidents were recorded.
1.25. Of the 53 reports, 14 did not constitute a data breach, 37 were assessed as low risk breaches and 2 were assessed as medium risk breaches. No incidents were reported to the supervisory authority (the Information Commissioner’s Office). The increase in data breaches has been recognised by the Information Management Group, and action is being taken to raise this with managers to reduce the number of data incidents.
1.26. The Council has fostered a culture whereby employees actively report data breaches. This has been supported by additional team training provided by the Information Governance Team during the year to ensure employees understand their obligations. This combined approach means that employees report data breaches as soon as they are aware, which in turn enables the Council to react quickly to mitigate the impact.
1.27. Most data breaches are caused by human error, with no intended malice, resulting in a loss of confidentiality. This is typically as a result of post or e-mails being sent to the wrong person.
Data Subject Rights Requests
1.28. There are seven types of rights requests we can receive including: subject access requests and erasure requests. All requests must be processed by the Information Governance team.
1.29. Rights requests can be extremely time consuming, due to the need to source and review all personal data to identify what information is in scope of the request and to undertake relevant redaction.
1.30. The total number of requests received in 2022-2023 was 66. For context the total for 2021-2022 was 40. This equates to a 65% increase. The breakdown for each type of request is below:
|
Financial Year |
Access |
Erasure |
Objection |
Total |
|
2021-2022 |
38 |
1 |
1 |
40 |
|
2022-2023 |
62 |
4 |
0 |
66 |
Information Sharing Requests
1.32. Information sharing requests from other organisations are requests for personal data where there is a legal basis to request it. In the main these are processed via the Information Governance Team, with the exception of Fraud and Compliance Team, who process requests directly given the nature of the role.
1.33. The total number of requests received in 2022-2023 was 510. For context the total for 2021-2022 was 318. This equates to a 60% increase. The breakdown per type of requesting organisation is below:
|
Organisation Type |
Total |
|
Law Enforcement Agency - Kent Police |
267 |
|
Utility Company |
144 |
|
Insurance Company |
26 |
|
Local Authority |
24 |
|
Law Enforcement Agency - Other (Not Kent Police) |
16 |
|
Individual |
12 |
|
Central Government/Government Department |
10 |
|
Legal Firm |
9 |
|
Housing Association |
2 |
|
Total |
510 |
1.34. The majority of requests are received from the police, predominantly for CCTV. The increase in requests is attributed to the rise in contact from utility companies, specifically South East Water. South East Water has a statutory power to charge and a corresponding obligation to collect charges and pursue debt under section 142 of the Water Industry Act 1991.
MP Correspondence
1.35. Correspondence both to and from members of parliament on behalf of constituents is recorded and monitored by the Information Governance Team; with requests assigned to the relevant departments to prepare any required responses. This does not include correspondence between departments and members of parliament to discuss and resolve Council matters.
1.36. The total number of recorded correspondence with MPs in 2022-2023 was 262. For context the total for 2021-2022 was 257. The department with the highest number of recorded correspondence was Housing & Inclusion & Health, with 120.
1.37. The target of 90% of responses sent within 20 days, is considered good performance. This target was met in Q1. The decrease in performance is attributed to the volume and complexity of request assigned to Housing & Inclusion & Health and Community Protection, which required additional time to investigate.
Summary
1.38. Overall, across the service, volumes continue to increase and scope of requests are becoming larger and more complex. There has been a change in the way that customers contact us, with an increasing volume of email contacts relating to a single issue which is harder to manage. This is reflected in the number of requests to manage customers under the Unreasonable or Unreasonably Persistent policy.
1.39. Performance in 2022-2023 has decreased from the previous year. In addition to volume and complexity of contacts, this is can also be attributed to changes made internal processes to improve compliance which whilst have increased the quality of work have increased the workload. This includes checking all responses before sending, additional time being spent seeking and reviewing information and following up mitigations on data breaches.
1.40. In addition, the team underwent a number of changes in staffing. The changes of staffing have also impacted team performance in 2023-2024, with arrangements in place to recruit a temporary member of staff to the vacant post.
Data Protection Action Plan
1.41. The Council continues to work proactively to improve how we manage and hold personal data in-line with the Data Protection Act and UK GDPR. The Action Plan provides an update on key changes and highlights the areas where further work is required.
1.42. Key projects completed over the past year include creating a data protection risk register, creating webpages with answers to frequently asked FOI questions, undertaking data protection impact assessments on CCTV and working with departments to review privacy notices on the website.
1.43. An update on the Action Plan is enclosed at Appendix 5.
1.44. The Government has announced legislative changes to the UK, publishing the Data Protection and Digital Information Bill in July 2022. The Bill plans to reform the UK Data Protection regime following Brexit. The Bill can be accessed here at https://bills.parliament.uk/bills/3322.
1.45. In Q1 and Q2 of 2023-2024, we have continued to see a slight increase in requests for data protection impact assessments. Although not aligned to a particular department, the trend is linked to our growing use of data to automate processes and improve data collection and analysis. Whilst the numbers are relatively the same, the scale of the projects have grown which has increased the volume of work involved in risk assessing processes.
|
Year |
Q1 |
Q2 |
Total |
|
2021-2022 |
6 |
5 |
11 |
|
2022-2023 |
8 |
4 |
12 |
|
2023-2024 |
10 |
4 |
14 |
3. AVAILABLE OPTIONS
3.1 Audit Governance and Standards Committee could choose not to receive or receive a reduced report on the performance of Information Governance activities in the Council however this wouldn’t be recommended as good information governance protects the Council from risk.
3.2 The current report represents the broad spectrum of information governance and therefore the best practice.
4. PREFERRED OPTION AND REASONS FOR RECOMMENDATIONS
4.1 To continue to receive updates and note progress.
5. RISK
5.1 This report is presented for information only and has no risk management implications.
6. CONSULTATION RESULTS AND PREVIOUS COMMITTEE FEEDBACK
6.1 None
7. NEXT STEPS: COMMUNICATION AND IMPLEMENTATION OF THE DECISION
7.1 The next annual report will be provided for year 2024-2025.
8. REPORT APPENDICES
· Appendix 1: Information Governance Report – Annual Report 2022-2023
· Appendix 2: LGO Annual Letter 2022-2023
· Appendix 3: LGO Annual Complaints Analysis 2022/2023
· Appendix 4: New Complaint Code of Conduct
· Appendix 5: Data Protection Action Plan
9. BACKGROUND PAPERS
9.1 None