Audit and Governance Committee


21 January 2022



Report of the Director of Governance





Corporate Governance Report  

1.      Summary

1.1    This report provides Members with updates in respect of:

·        Investigatory Powers Commissioner’s Office (IPCO) inspection

·        Corporate Governance performance indicators update

·        Information Commissioners Office (ICO) published decision notices

·        Ombudsman cases from last report in October 2021 to 31st December 2021


2.      Investigatory Powers Commissioner’s Office (IPCO) inspection


2.1    The IPCO carried out their programmed inspection of the council’s use of covert surveillance, acquisition of communications data or use of a Covert Human Intelligence Source (CHIS) and our adherence to the relevant laws such as Regulation of Investigatory Powers Act 2000 (RIPA) and Investigatory Powers Act 2019 (IPA) and all relevant codes of practice on 27th August 2021 by way of a virtual meeting and submission of documents and evidence.  The previous inspection was undertaken by way of a questionnaire in December 2018.


2.2    The inspection was conducted by an IPCO inspector with the council’s Senior Responsible Officer (SRO) Ms Janie Berry, Director of Governance and Monitoring Officer, Ms Lorraine Lunt, Corporate Governance Team and RIPA Co-ordinator; Ms Cath Murray, Corporate Governance Team and Deputy RIPA Co-ordinator; and Mr Colin Rumford, Head of Regional Investigations, National Trading Standards, Regional Investigations and eCrime Team, and an authorising officer


2.3    The council provided supporting documentation, including copies of the several authorisations granted within the inspection period, as requested by the Inspector.


2.4    The overall findings from the inspection, endorsed by the Investigatory Powers Commissioner, The Rt. Hon. Sir Brian Leveson, are

·        there remains one area of non-compliance from the previous inspection and the two other recommendations were discharged

·        several observations to improve performance

·        The introduction of a specific gatekeeping role to assist authorising officers, and the robust oversight conducted by your SRO, should be applauded.


2.5        The SRO and Corporate Governance Team are undertaking the required work and actions to meet the outstanding recommendation and observations from this inspection report. 


3.      Corporate Governance Performance Indicators Update


3.1    The performance indicators report for October to December 2021 for Quarter 3 is not completed until 20th January 2022 which is after the deadline for submitting and publishing this report. 


3.2    However the internal system configuration changes have now embedded and allows us to continue the development of the new datasets to support the ongoing reporting of corporate governance organisational performance and build on the 41 current corporate governance datasets released onto York Open Data. We have identified a wider set of indicators and datasets which are now in the final stages of development internally and, once completed, will include a regular external publication of information through York Open Data.  It will also enable us to provide more graphical presentation of reports to Committee and further updates will be provided in the next Corporate Governance report.


3.3    The previous complaints indicators published on York Open Data have already been replaced with three indicators linked to the Council Plan.  These are

·        IG14da - % of 4Cs Complaints responded to 'In Time' which will be published for the first time on 20th January.

·        IG22a - % of Grade 1 4Cs Complaints responded to 'In Time' – which is available at


·        FOI02 - FOI & EIR % Requests responded to In time - (YTD) – which is available at


4. ICO published decision notices


4.1    If someone is unhappy with the response they receive in relation to an FOI, EIR or SAR or if they want to raise a complaint under data protection legislation in relation to the rights of individuals, there is an opportunity to seek an internal review and then to complain to the ICO. The ICO publishes their decision notices and full reports on their website.


4.2    For this reporting period, October to December 2021 there were no published decision notices.


5.      Ombudsmen cases


5.1    Local Government and Social Care Ombudsman (LGSCO) decisions from the last report to Committee in October to 31st December 2021 are shown in Annex 1.  There were no Housing Ombudsman Services decisions during this time.


5.2    Of the twelve cases determined by the LGSCO, six were closed after the LGSCO’s initial enquiries as either out of their jurisdiction or no further action needed. There were six cases that were upheld and five had recommendations and/or remedies and one had no further action for the council as we had already offered a proportionate remedy.  Details of the recommendations and /or remedies are shown at Annex 1.

5.3    The Corporate Governance Team undertakes ongoing work with the Corporate Management Team, Directorate Management Teams as well as with individual service areas to ensure that we share learning opportunities across the council and to identify areas for improvement from Ombudsmen cases.


6.      Consultation

Not relevant for the purpose of this report.


7.      Options    

Not relevant for the purpose of this report.

8.      Analysis

Not relevant for the purpose of this report.


9.      Council Plan

9.1    The council’s corporate governance service offers assurance to its customers, employees, contractors, partners and other stakeholders that all information, including confidential and personal information, is dealt with in accordance with legislation and regulations and its confidentiality, integrity and availability is appropriately protected.

10.    Legal Implications

10.1 The Council has a duty to comply with the various aspects of complaints, data protection, and privacy and information governance related legislation.


11.    Risk Management

11.1  The council may face financial and reputational risks if the information it holds is not managed and protected effectively or if it does not respond to complaints effectively.  For example, the ICO can currently impose civil monetary penalties up to 20million euros for serious data security breaches and Ombudsmen can impose financial remedies.  The failure to identify and manage information risks or respond to complaints effectively, may diminish the council’s overall effectiveness and damage its reputation.  Individual(s) may be at risk of committing criminal offences.


12.    Recommendations

12.1              Members are asked:

12.1.1               To note the details contained in this report.

12.1.2               To provide any further feedback for future reporting







Contact Details


Author: Lorraine Lunt

Information Governance & Feedback Team Manager   

Telephone: 01904 554145




Chief Officer Responsible for the report: Janie Berry, Director of Governance






Report Approved


10 January 2022





Wards Affected:  List wards or tick box to indicate all




For further information please contact the author of the report




Annex 1 – Ombudsmen decisions


Background Information

Not applicable