Issue - meetings
Review of Information Policy Framework
Meeting: 03/06/2008 - Executive - for meetings from 03/06/00 to 26/04/11 (Item 6)
6 Review of Information Policy Framework PDF 40 KB
This report presents a revised Data Protection Policy for the Council, following a review of the information management policy framework which identified the current policy as no longer fit for purpose.
Additional documents:
Decision:
RESOLVED: (i) That the draft Data Protection Policy be approved.
(ii) That it be requested that future Member training include Data Protection responsibilities.
REASON: To ensure that the Policy is fit for purpose and that Members are properly informed on the latest requirements regarding Data Protection legislation.
Minutes:
Members considered a report that presented a revised Data Protection Policy, prepared following a review of the Council’s information policy framework, which had identified the current policy as no longer fit for purpose.
The current policy, approved in December 2001, was deficient in that it did not explain the choices available to managers in complying with data protection legislation, nor how directors could be assured of compliance, nor Members’ policy requirements. A proposed revised Policy was attached as Annex A to the report. No changes were proposed to the procedures for dealing with information requests nor to the policy framework for records management.
The draft Policy aimed to apply a model similar to that used for financial management. Alternatives to this ‘policy and audit’ model were:
- Centralised control, with all systems etc. authorised by a data protection officer. Not recommended as it would be too costly and inconsistent with other management arrangements.
- To omit the audit element. Not recommended as the Council would be unable to assure itself that the risk of non-compliance was minimised.
Members commented that it would be helpful to cross-reference some of the terminology used in the Policy to the relevant legislation.
Having noted the comments of the Shadow Executive on this item, it was
RESOLVED: (i) That the draft Data Protection Policy be approved.1
(ii) That it be requested that future Member training include Data Protection responsibilities.2
REASON: To ensure that the Policy is fit for purpose and that Members are properly informed on the latest requirements regarding Data Protection legislation.