To inform the committee of performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2019/20.

The information access and records manager presented the report and highlighted the following:

·        The report provided assurances that there were good operational procedures in place to deal with information requests and complaints.

·        There had been a rise in the number of complaints upheld by the Social Care and Local Government Ombudsman (LGO) and training was being arranged in order to try and reduce the numbers but there had been a delay due to Covid-19.

·        The Council is dealing with information requests within timescales

·        There were very few referrals to the Information Commissioners Office (ICO).

During the committee’s discussion of the report, the following points were raised.

·        The differences between a Subject Access Request (SAR) under the Data Protection Act, Freedom of Information (FOI) and Environmental Information Regulations (EIR) were provided.   It was noted that a SAR did require checks for identity as it related to personal information held by the Council on an individual.

·        There had been a delay in undertaking the training in connection with the increase of upheld LGO complaints due to Covid-19.   The team had been redeployed to support the Council’s response to the pandemic.  Training had now been arranged with the LGO and guidance for investigating officers had been produced.

·        The LGO had stopped taking new cases in April 2020 and had re-started in September 2020.   This may have an impact on the figures for the municipal year 2020/21

·        There had been an increase in the disagreement of the decisions in connection with children’s complaints.   This process enabled children and young people to make complaints or for someone to make a complaint on their behalf.   There were not any specific themes, it related more to areas.   The children’s directorate management team had gone through the complaints in order to learn from them.

·        Approximately 50% of schools had signed up to a service level agreement (SLA) to provide professional advice and act as the school’s data protection officer (DPO).   A DPO was required under the General Data Protection Regulations (GDPR).  

·        There were regular reports to directorate management teams and management board.   There were a range of reasons for mistakes happening and the directorates looked at the learning / recommendations.   This could result in changes in processes or training for staff.  

·        It was noted that the volume of requests / complaints were stable compared to other years.   However, SAR had grown significantly once those requests could be made for free.

·        It was noted that the cost to the Council was primarily staff costs and that the people submitting requests did expect an answer straightaway.  

·        The team have been encouraging directorates to publish as much information as possible.

·        It was confirmed that information held on Mosaic was used when there was an SAR.   It was further confirmed that the access controls in Mosaic had been audited by internal audit.

Recommendation(s)

That

the information set out in the report regarding requests for information, data protection compliance and complaints over the past year were reviewed with regard to any risks arising.