Agenda item
INFORMATION GOVERNANCE FRAMEWORK
To adopt the Information Governance Framework.
Minutes:
The Information Governance Officer introduced the report and advised that following a GDPR audit carried out in 2019 a dedicated information officer responsible for governance had been hired. The accountability framework from the Information Commissioner Office (ICO) had been used to help set out the approach for the Policies included in the Information Governance Framework. It was also advised that they were working to embed the knowledge and use of the framework across the council using a team of information champions.
Councillor Hurst asked a question about the on-sale value of this report and whether the information was sourced from other councils. It was confirmed that there were a number of different policies available online however, finding one policy that was fit for purpose at Stroud was difficult.
Councillor Baker asked if there were plans to include compensation for serious data breaches. The Information Governance Officer advised that they were looking to review the complaints policy again to ensure it was aligned with other Council policies. With regards to compensation the legal team would provide advice based on the specific case at the time. In response to a further question, it was advised that a Data Breach Policy was included in Appendix D and that full investigations were carried out with any data breach to ensure it could be used as a learning exercise. It was also confirmed that a register of data breaches was maintained and updated.
In response to questions from Councillor Davies it was confirmed that the wording regarding confidentiality for email signatures had been reviewed and IT had been asked to implement this. The Information Governance Officer also advised that there had been approximately 5 data breaches that year and that 3 of the breaches had related to human error with an officer selecting the wrong email address when sending an email. They had therefore been trialling new software which would help to reduce the risk of this by warning the user of irregularities.
Councillor Kay questioned whether the records management policy was fit for purpose as it left decisions as to when and what records needed to be retained down to service managers which could allow some services to destroy some documentation which could be needed in the future. The Information Governance Officer responded by stating each service area had its own retention schedule which were being reviewed. The ICO did not stipulate how long you need to keep every single document and therefore it is left up to councils to decide how long they need to retain information. They also advised that they could look into this further to see if they could find any further guidance to assist managers. The Monitoring Officer advised that this was an operational decision and therefore the Information Governance Officer may not be able to provide any further guidance. Councillor Kay requested for his concerns with regards to data retention and record management to be recorded.
Councillor Pearcy requested reassurance on the level of resources available to deliver not only the initial training but continued training. The Information Governance Officer assured Members that she had support from the Strategic Leadership Team (SLT) and the Leadership Management Team (LMT) and each service area would have their own information governance champion. They were working with One Legal for a training package for each champion and quarterly meetings would be held going forward to share information and ensure continuous learning. The staff hub would also be updated and any changes to policies could be reported through the intranet. All Officers were also asked to regularly undertake an online data protection course.
Councillor Hurst stated that Councillor Kay raised an interesting point regarding planning enforcement and the issues around data that is stored, in his opinion once a planning application had been implemented the data should always remain available. He also advised that it would be useful for Members to have further guidance on GDPR regulations and being a Councillor as it is sometimes hard to discern when someone is acting as a councillor.
Councillor Norman Kay expressed his unease with the proposals relating to record management keeping and advised that he did not feel he could support the recommendations because of this. The Monitoring Officer advised that if Members were uncertain regarding the Record Management Policy in Appendix B this could be removed from the suite of documents to allow officers more time to develop it.
Councillor Kay proposed that the record management policy be removed from the documents being adopted so it could be reviewed further. Members of the Committee were in agreement with this.
On being put to the vote, the Motion including the amendment above was carried unanimously.
RESOLVED To adopt the Information Governance Framework with the exception of the Records Management Policy which would be reviewed further.
Supporting documents:
-
Item 5 - Information Governance Framework, item ASC.005
PDF 314 KB -
Item 5 - Appendix A - Information Governance Policy, item ASC.005
PDF 802 KB
-
Item 5 - Appendix B - Records Management Policy, item ASC.005
PDF 743 KB
-
Item 5 - Appendix C - Data Protection Policy, item ASC.005
PDF 517 KB
-
Item 5 - Appendix D - Data Breach Policy, item ASC.005
PDF 957 KB
-
Item 5 - Appendix F - Information Complaints Policy, item ASC.005
PDF 709 KB
-
Item 5 - Appendix G - Anonymisation & Pseudonymisation Policy, item ASC.005
PDF 744 KB