To inform the committee of performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2022/23.

The committee considered a report on performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2022/23.

The Information Governance Manager (IGM) informed the committee that the information held in the report was from 1 May 2022 to 30 April 2023. The following points were highlighted:

1.     The volumes of freedom of information (FOI) and environmental information regulations (EIR) requests fell slightly in comparison to the previous municipal year.

2.     The information governance team (IGT) have continued to see a steady decrease in requests received since April, however it was highlighted the number of subject to access (STA) requests had increased.

3.     The IGT are responsible for investigating data breaches and risk assessing and advising service areas of how to ensure that those breaches do no reoccur.

In response to committee questions, it was noted:

      I.         The information request process was explained.

     II.         The IGM informed the committee that where a similar request had been made previously or where they knew the information was held on the website or could be found quickly, these are being treated as “business as usual” rather than being recorded as an FOI.  

   III.         The IGM informed the committee of the disclosure log on the Councils website which members of the public can use to search published requests responded to since January 2022. The website also provides a frequently asked questions which suggests what the Information Governance Team (IGT) may not respond to founded on previous responses.

   IV.         The IGM provided the committee with examples of data incidents.

    V.         It was noted that the Council was moving across to Office 365 which meant address books are no longer shared which would decrease the number of emails being sent to the wrong recipient.

   VI.         The IGM confirmed that making employees aware of “phishing emails” is the responsibility of the IGT and that the team undertake “phish exercises” by sending out “spoof test” emails to employees at random. At the last test 6% of staff were found to still be clicking on the links which was felt to be too high and further reminder emails were sent out to all staff.

 VII.         Based on the Information Commissioner’s Office (ICO) guidance the IGM clarified that in order for a breach to meet the threshold for reporting an assessment would be carried out on the number of people involved, the information and the sensitivity of that information. The breach would then be scored. A score of two or above would be reviewed with the Ofwat's Senior Information Risk Owner (SIRO) before it is considered reporting to the ICO.

VIII.         It was reported of the breaches reported to the ICO over the last 12 months, the ICO have been pleased with the actions that the Council had taken and they considered that no further action was required from themselves.

   IX.         The IGM confirmed the status of the Councils storage and back-up systems.

The Complaints and Children’s Rights Manager (CCRM) informed the committee there had been an significant increase in complaints made from the previous year, this was thought to be due to the complaints procedure having been made more accessible to the public in particular Children and Families.

1.     The CCRM provided a brief overview of the operation of the Corporate Complaints Policy and Procedure, and of the separate Children’s Representations and Complaints Policy and Procedure.

2.     It was highlighted that more complaints were being dealt with “in house” by working with the relevant service areas and complainants by means of mediation.

In response to committee questions, it was noted:

       i.         The CCRM highlighted that although there had been an increase in Children's complaints the way in which complaints were assessed had been changed. The Local Government and Social Care Ombudsman (LGSCO) had issued much clearer guidance on assessing complaints and it was thought the increase was due to the complaints now being processed under the correct policy. The increase was thought to mean that members of the public felt they could complain, they would be listened too and that their concerns would be resolved.

     ii.         The CCRM explained that her team would try to resolve any issues for members of the public such as the retrieval of information or connecting them with a relevant members of the council in order to avoid going through the formal complaints procedure.

    iii.         In relation to a question surrounding the increase of escalations, the CCRM explained that it was her responsibility to inform everybody of their rights to complain. An example was given of a corporate complaint and that once investigated if the complainant was not content with the response, they have a right to go to the ombudsman. She was unconcerned with the increase as the public were being made more aware of their rights to escalate their complaints.

    iv.         The CCRM confirmed that there was no “laid down” procedure for informal resolutions. Some examples of recurring themes and resolutions were given from the Economy and Environment and Children’s and Families Directorates.

     v.         Quarterly reports are sent to directorate management teams which highlight the areas of complaints and recommend action to be taken, complaints trend data can be actively used to anticipate problem areas for service users and training needed for council staff.

It was highlighted that although some of the aspects of the Annual review of the council’s Information Requests and Complaints report align with the Audit and Governance Committee functions it was not currently listed under the committees terms of reference and the Head of Legal service in conjunction with the Monitoring Officer would determine whether this report was presented to the Committee moving forward.

Resolved:

That the information set out in the report regarding requests for information, data protection compliance and complaints over the past year has been reviewed.

Action 2023/24-016 The Head of Legal service in conjunction with the Monitoring Officer conclude whether this report is still presented to the Audit and Governance Committee moving forward.