Agenda item
Minutes:
The Committee was advised that, while the Council had had policies and procedures for the areas of data protection, freedom of information and records management since 2003, it was clear that those required to be updated in light of guidance which had been received from the Information Commissioners Office and on recommendations by the Council’s Audit, Governance and Risk Service. Accordingly, new policy and procedures, copies of which were available on the Council’s website, had been developed to meet legal requirements and revised standards.
The Committee was advised that the implementation of the policy would be through the ongoing staff programme and ad hoc assistance from the Information Governance Unit. The Unit would liaise with Digital Services on taking forward the development and roll-out of the Council’s CRN system to manage the Council’s information queries. In addition, further actions from audits on the development of related policies, for example, Freedom of Information, information security and retention and disposal were currently underway.
While the staff training programme and draft policy and procedures helped the Council mitigate the risk around information governance, it was suggested, in the medium term, that a refresh of the Council’s 2008 Information Management Framework be carried out in the form of a corporate Information Governance Framework. That would provide an overall architecture for how the Council captured, created, accessed, secured, managed and shared its information both internally and externally. It would also help to better manage the information the Council held and facilitate compliance with both legislation and general principles of good information governance. In that context it was important to note that, following Local Government Reform and, in particular, its role in relation to community planning, would result in the Council holding and sharing an even greater amount of sensitive information.
Any information management framework would be structured around five main areas of information governance:
1. Information governance management
2. Records management
3. Information compliance
4. Information security
5. Data quality and assurance
Appropriate policies and procedures would be developed to ensure its implementation throughout the organisation.
The Committee approved the policy and procedures and agreed the development of a corporate Information Governance Framework.
Supporting documents:
-
Information Governance - Draft policies and procedures, item 10b
PDF 108 KB -
Appendix 1 - Information Governance - Draft Data Protection Policy, item 10b
PDF 695 KB
-
Appendix 2(a) Information Governance - Request from individual, item 10b
PDF 826 KB
-
Appendix 2(b) Information Governance - Data subject rights, item 10b
PDF 149 KB
-
Appendix 2(c) Information Governance - Share information internally, item 10b
PDF 600 KB
-
Appendix 2(d) Information Governance - Data processing agreement with a third party, item 10b
PDF 153 KB
-
Appendix 2(e) Information Governance - Significant data breach, item 10b
PDF 401 KB
-
Appendix 3 - Information Governance - Draft outline Framework, item 10b
PDF 72 KB