Decision details

Debbie Bonser, Information Governance Manager, presented a progress report on Information Governance arrangements within the County Council.

The Committee was informed since the last information governance update to this committee, on 30 June 2015, good progress had been made in the provision of information governance services to the Council. The Information Commissioner's Office (ICO) returned in October 2015 and praised the Council for their significant progress in all 3 ICO audit scope areas (Governance, Training and Subject Access requests).

Areas singled out for praise included:

• The creation of a draft Corporate Risk Register showing all high level risks and opportunities faced by the Council;
• The introduction of an information risk management group identifying high level information risks and opportunities and creating mitigating (or maximising) actions before pushing them to the Corporate Risk Register;
• The introduction of a Privacy Impact Assessment Policy which included a methodology to identify, assess and mitigate privacy risks at the start of all new projects; and
• The provision of secure email and remote access for social workers screening subject access requests prior to disclosure.

It was reported that the ICO audit process had been completed and all possible civil monetary penalties in lieu of security breaches at the Council had been cancelled.

The Committee's attention was also drawn to:

·  The measures taken to raise awareness of information governance across the Council and to realign information governance work areas with ICO recommendations;

·  The development of an electronic system to approve sharing between organisations and promote the rapid adoption of information sharing across the public sector;

·  The Council's attainment of a high score of 94% against the NHS Information Governance Toolkit.  It was noted that this was one of the highest scores on the toolkit; and

·  A number of security incidents since the last update report.  It was noted that none of the incidents were serious enough to be reported to the Information Commissioners Office and the measures taken to mitigate these incidents were explained.

Members welcomed the report and in particular the progress being made to develop robust arrangements to secure information properly.

Resolved: That the progress made on Information Governance arrangements within the County Council, as set out in the report now presented, be noted.