Audit and Governance Committee

30 November 2020



Report of the Director of Governance





Information Governance and Complaints

1.      Summary

1.1    This report provides Members with updates in respect of:

·        Information governance performance

·        ICO decision notices

·        Publishing of disclosure log

·        LGSCO Complaints from last report February 2020 to date of this report


1.2    There is a separate report covering the Annual Complaints Report and the proposals for customer complaints and feedback toolkit, policy and procedures including how this can be delivered


2.      Information Governance Performance


2.1    The council publishes performance data on timeliness for responding to requests made under Freedom of Information Act (FOI), Environmental Information Regulations (EIR) and Data Protection Act subject access to records requests (SARs), via the York Open Data platform via the below link.


2.2    At Committee in December 2019, I confirmed we would work on the provision of performance reports in graphical formats and consider further comments and feedback given by Committee.  These are provided at Annex 1  


2.3    Work is still underway across different information governance networks and groups in the Yorkshire and Humberside region regarding sharing of performance information that is informative and useful.  However due to the diversion of work and resources across many councils, this work has not yet been completed.  Therefore the graphs provided show our performance information only.  I will update the Committee on the progress of the regional work when available.


2.4    From the start of the council’s response to Covid19, we have continued to provide our service and support to both customers and to service areas across the council.   However we did have to in some instances, extend the timescales for responses given that resources in some areas of the council had been diverted to provide covid19 response services.  The impact of this is shown in the performance graphs at Annex 1. 


2.5    The Information Commissioner’s Office (ICO) confirmed at the start of the first national lockdown, that although they could not extend statutory timescales, they would not be penalising public authorities for prioritising other areas or adapting their usual approach during these unprecedented times.  They would also tell people through their own communications channels that they may experience understandable delays when making information rights requests during the pandemic.  The ICO said “they are a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with information rights work when assessing a complaint brought to us during this period, we will take into account the compelling public interest in the current health emergency”.


3.      ICO decision notices


3.1    If someone is unhappy with the response they receive in relation to an FOI, EIR or SAR request, or if they want to raise a complaint under data protection legislation in relation to the rights of individuals, there is an opportunity to seek an internal review and then to complain to the ICO. The ICO publishes their decision notices and their full reports at


3.2    Since the last report in February which included ICO decision notices up to 17 January 2020, the ICO has published three decision notices for the council and the summaries of these are available at Annex 2.


3.3    Where the decision notices upheld the complaint, this was because we had not responded to the requester in the timescales set out in legislation.  However these were requests made when the council had diverted resources to respond to covid19 and so in some instances, we were not able to respond in time to all requests. 


3.4    Where the complaints to the ICO involved the council’s use of exemptions to withhold information, these were not upheld (which means the council used the exemption correctly) and partly upheld.  


4. Publishing the disclosure log


4.1    Following the introduction of new regulations in 2018, known as ‘Public Sector Bodies Websites and Mobile Applications (No. 2) Accessibility Regulations’, our websites must achieve level ‘AA’ of the W3C’s Website Content Accessibility Guidelines (WCAG 2.1)


4.2    As a result of these Accessibility Regulations all responses hosted on the council’s website were reviewed including the use and nature of PDF documents which meant there was a high risk of breaching the accessibility guidelines.

4.3    We now publish an adequate ‘disclosure log’ online in ‘plain text’. This approach is being monitored to better understand customer appetite and demand. The disclosure log complements the existing online form, which allows customers an easy online method to request information

5.      Complaints


5.1    Local Government and Social Care Ombudsman (LGSCO) cases  from the last report to Committee in February, to the date of this report are shown at Annex 3.


5.2    The annex details the decisions and actions recommended by the LGSCO.    


5.3    There were a total of 19 cases determined by the LGSCO in the time period of 17/02/2020 to date of this report.  Of those 10 were closed after their initial enquiries; 5 were not upheld and 4 were upheld.

5. 4   The information governance and complaint team continue to work with the Corporate Management Team, Directorate Management Teams as well as with individual service areas to identify areas for improvement or shared learning opportunities.  These have also been used to inform the proposals for an up to date corporate complaints and feedback toolkit for which there is a separate report to Committee.


6.      Consultation

Not relevant for the purpose of this report.


7.      Options    

Not relevant for the purpose of this report.

8.      Analysis

Not relevant for the purpose of this report.


9.      Council Plan

9.1    The council’s information governance framework offers assurance to its customers, employees, contractors, partners and other stakeholders that all information, including confidential and personal information, is dealt with in accordance with legislation and regulations and its confidentiality, integrity and availability is appropriately protected.

10.    Legal Implications

The Council has a duty to comply with the various aspects of information governance related legislation.




11.    Risk Management

The council may face financial and reputational risks if the information it holds is not managed and protected effectively.  For example, the ICO can currently impose civil monetary penalties up to 20million euros for serious data security breaches.  The failure to identify and manage information risks may diminish the council’s overall effectiveness and damage its reputation.  Individual(s) may be at risk of committing criminal offences.


12.    Recommendations

Members are asked:

·        To note the details contained in this report.

Contact Details

Author: Lorraine Lunt

Information Governance & Feedback Team Manager   

Telephone: 01904 554145


Chief Officer Responsible for the report: Janie Berry, Director of Governance





Report Approved


7 November  2020




Wards Affected:  List wards or tick box to indicate all





For further information please contact the author of the report




Annex 1 – FOI/EIR/SAR performance

Annex 2 – ICO decision notices summaries

Annex 3 – LGSCO cases


Background Information

Not applicable