To provide the audit and governance committee with a requested briefing on a recent potential data breach following publication of a record of officer decision and of the controls in place to manage publication of records of officer decisions in future.

The solicitor to the council presented the report.  

It was noted that the report which had the potential to breach data protection had not been disclosed outside of council systems and had not affected the criminal prosecution as that was in the public domain.    It was confirmed that there was a requirement to notify the information governance team of any potential data breach, which had occurred in this case.  It was noted that the relevant date for any data breach was when the knowledge of the data breach started (not when the breach occurred) so historical data breaches should be reported.  If the data breach was significant then there was a requirement to report to the Information Commissioners’ Office.  In this case it was not considered that a data breach had occurred and further training has been provided on redaction in published records in accordance with the access to information rules in the constitution.

RESOLVED

That the report be noted.