To inform the committee of performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2022/23.

The committee considered a report on performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2022/23.

The Information Governance Manager (IGM) informed the committee that the information held in the report was from 1 May 2022 to 30 April 2023. The following points were highlighted:

1.     The volumes of freedom of information (FOI) and environmental information regulations (EIR) requests fell slightly in comparison to the previous municipal year.

2.     The information governance team (IGT) have continued to see a steady decrease in requests received since April, however it was highlighted the number of subject to access (STA) requests had increased.

3.     The IGT are responsible for investigating data breaches and risk assessing and advising service areas of how to ensure that those breaches do no reoccur.

In response to committee questions, it was noted:

      I.         The information request process was explained.

     II.         The IGM informed the committee that where a similar request had been made previously or where they knew the information was held on the website or could be found quickly, these are being treated as “business as usual” rather than being recorded as an FOI.  

   III.         The IGM informed the committee of the disclosure log on the Councils website which members of the public can use to search published requests responded to since January 2022. The website also provides a frequently asked questions which suggests what the Information Governance Team (IGT) may not respond to founded on previous responses.

   IV.         The IGM provided the committee with examples of data incidents.

    V.         It was noted that the Council was moving across to Office 365 which meant address books are no longer shared which would decrease the number of emails being sent to the wrong recipient.

   VI.         The IGM confirmed that making employees aware of “phishing emails” is the responsibility of the IGT and that the team undertake “phish exercises” by sending out “spoof test” emails to employees at random. At the last test 6% of staff were found to still be clicking on the links which was felt to be too high and further reminder emails were sent out to all staff.

 VII.         Based on the Information Commissioner’s Office (ICO) guidance the IGM clarified that in order for a breach to meet the threshold for reporting an assessment would be carried out on the number of people involved, the information and the sensitivity of that information. The breach would then be scored. A score of two or above would be reviewed with the Ofwat's Senior Information Risk Owner (SIRO) before it is considered reporting to the ICO.

VIII.         It was reported of the breaches reported to the ICO over the last 12 months, the ICO have been pleased with the actions that the Council had taken and they considered that no further action was required from themselves.

   IX.         The IGM confirmed the status of the Councils storage and back-up systems.

The Complaints and Children’s Rights  ...  view the full minutes text for item 60