Decision details

Ian Young, Deputy County Secretary and Solicitor presented a progress report on the information governance (IG) arrangements within theCounty Council.

The committee noted the progress that had been made to date and the proposals for further steps to ensure that robust arrangements are in place to manage the County Council's responsibilities to properly maintain the confidentiality and security of information. 

The committee was advised that there were a number of areas where good progress had been made, notably the putting in place of appropriate policies and procedures, the appointment of a Senior Information Risk Owner (SIRO) and Caldicott Guardian and the establishment of a Corporate Information Governance Group at senior level to ensure IG was managed and communicated properly across the Authority. 

Efforts had been made to remind all staff across the Authority of their IG responsibilities but it was recognised that much more needed to be done.

It was therefore proposed that the County Council, as a matter of urgency, would appoint a Head of Information Governance, one of whose first priorities when appointed would be to assess the level of resource required to manage this highly important area of work.  In the interim, a senior officer within the County Secretary and Solicitor's Group had been nominated Information Governance Lead and his main focus would be to ensure any security breaches were handled properly, that action would be taken to mitigate against such breaches and to progress work to ensure the County Council met the requirements of the NHS IG toolkit. 

As for the toolkit, it was reported that good progress was being made and there was now only one assessment category on which the County Council had yet to achieve the required 'Level 2' attainment.  In order to address this, a cross directorate task and finish group had been established and was working to pull together an up to date Information Asset register for the Council and to identify IA Owners by mid-December 2013. 

It was noted that some progress had also been made on moving towards a 'Level 3' attainment which the County Council is required to do by April 2014. 

The committee welcomed the progress being made but expressed concern at the potential financial and reputational risks to the council.

It was also noted that the committee would continue to receive updates on the progress being made to ensure risks around information governance were being adequately managed.

Resolved:

i)  Regretting the decision to place the Council's information governance functions with One Connect Limited leading to the current situation, the committee welcome the work now being undertaken to enable the council to effectively fulfil its obligations on information governance to a high standard, for the benefit of the people we serve.

ii)   That an update on the progress being made to ensure risks around information governance are being adequately managed be presented to a future meeting of the committee.