Agenda item
Annual review of the council's Information Access and Information Governance requirements 2021/22
- Meeting of Audit and Governance Committee, Monday 21 November 2022 11.00 am (Item 56.)
To inform the committee of performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2021/22.
Minutes:
[Note: there was an adjournment for a few minutes due to a technical issue]
The committee considered a report on performance in the areas of complaints, data incidents and requests for information made to the council over the municipal year 2021/22.
The Complaints and Children’s Rights Manager introduced the report and read out a statement from the Head of Information Compliance and Equality; the key points included:
i. There had been a slight increase in Freedom of Information Act (FOI) and Environmental Information Regulations (EIR) requests compared to the previous municipal year, following an expected fall during the Covid-19 pandemic. Nevertheless, the local target of 95% of requests being answered within the statutory time limit was being met; this exceeded the Information Commissioner’s Office (ICO) threshold of 90%.
ii. 3 cases were referred to the ICO and the ICO upheld the decision of the council in each case.
iii. The Information Governance Team continued to work with service areas to address issues and to publish as much data as possible; within the last 6 months, a disclosure log had been published to support the transparency agenda.
iv. During the municipal year 2021/22, 204 requests were processed where individuals asked for personal data about themselves, representing a significant increase from the previous year, with most requests being for data held by the Children and Young People Directorate.
v. The team had received 176 reports of data incidents during the municipal year 2021/22. Of these, 3 had met the threshold for reporting to the ICO but no action was taken against the council.
vi. It was considered that the figures reflected that there were sound processes in place for reporting data incidents, there was a high level of awareness about data protection, and there was an open culture around reporting problems.
The principal matters raised during the discussion included:
1. With attention drawn to paragraphs 20 and 21 of the report (agenda page 68), the Complaints and Children’s Rights Manager said that a response would be sought on the impact of: the mandatory data protection impact assessments for new programmes, projects or systems that involve processing of personal data; and the data protection officer service level agreement for self-funding schools.
2. It was reported that, subject to two appointments, the team was expected to have a full complement of staff in the near future.
3. There was a discussion about the wellbeing support available to staff. It was noted that the Scrutiny Management Board on 28 November 2022 was to consider an item on ‘Herefordshire Council’s Human Resources and Workforce Strategy’ (link to the item).
4. The Complaints and Children’s Rights Manager provided a brief overview of the operation of the Corporate Complaints Policy and Procedure, and of the separate Children’s Representations and Complaints Policy and Procedure. It was reported that, following recent dialogue with the Corporate Director – Children and Young People, the intention was to process more complaints through the children’s policy and revisions were being considered by Legal Services; the document would be approved by the Management Board / Corporate Leadership Team in due course.
5. With attention drawn to paragraph 22 of the report (agenda page 68/69), the Complaints and Children’s Rights Manager advised that the Complaints Team would process the community trigger going forward, with each case being referred to the Community Safety Partnership to consider any action to be taken. The Chairperson suggested that a further breakdown be sought from the Community Safety Partnership about the outcomes in relation to the community trigger and what action had been taken in each instance, albeit recognising that some details may be confidential.
The committee was advised that statutory community safety and policing scrutiny powers were within the remit of the Connected Communities Scrutiny Committee and that the meeting on 13 February 2023 was to consider an item on the Community Safety Partnership (link to the agenda). The Chairperson said that they would write to their counterpart on the scrutiny committee about the community trigger.
Resolved:
That the information set out in the report regarding requests for information, data protection compliance and complaints over the past year has been reviewed.
Action(s):
Action 181: That the Information Governance Team provide further details on the impact of: the mandatory data protection impact assessments for new programmes, projects or systems that involve processing of personal data; and the data protection officer service level agreement for self-funding schools.
Action 182: That a further breakdown be sought from the Community Safety Partnership about the outcomes in relation to the community trigger and what action had been taken in each instance.
Action 183: That the Chairperson write to the Chairperson of the Connected Communities Scrutiny Committee about the community trigger.