Agenda item

This report provides Members with updates in respect of:

·        Information governance performance

·        General Data Protection Regulation (GDPR) and Data Protection Act 2018

·        NHS Digital Information Governance toolkit – annual assessment

·        NHS Digital audit

·        Complaints

Members considered a report providing them with updates in respect of:

·        Information governance performance

·        General Data Protection Regulation (GDPR) and Data Protection Act 2018

·        NHS Digital Information Governance toolkit – annual assessment

·        NHS Digital Audit Complaints

The Information Governance & Feedback Team Manager attended the meeting to present the report and answer Member questions. She highlighted that over 90% of both FOI and EIR received a response within 20 working days, which was the Information Commissioners Office (ICO) monitoring level. There were also ongoing improvements to Subject Access Request (SAR) progress and performance. This was set against a background of increasing volume and complexity of requests.

In response to member questions she stated that:

·        The complaints report had been taken to CSMC and it had been raised there that further benchmarking figures be provided to allow Members to compare CYC’s performance to that of other Local Authorities. However, not all Councils choose to publish performance data and it could be difficult to get other councils to disclose their performance on FOI requests. She confirmed that she would try again to get other councils from across the region to agree to share data;

·        She would look into whetherhistorical data and FOI trends could be provided to the Committee to make the data more meaningful;

·        There were no internal targets, the team work towards the ICO target;

·        ICO decision notices were available on the ICO website but this could be difficult to navigate so she would look at how these could be provided as a summary report to the Committee;

·        In relation to a question on data breaches which had been reported during the Citizen Audit, she would have to take this away as she was not aware of every instance. She would respond to this query via email;

·        The ICO had found against the Council’s application of the exemption Section 14 on 3 cases. There had been 4 cases where Section 14 had been used and on one case the ICO fully agreed with the Council’s use of this section. The Deputy Chief Executive confirmed that any future response to these FOI’s would be circulated to Members;

·        In the Local Government and Social Care Ombudsman (LGSCO) annual letter there was reference to use of Section 32 notices. In last year’s annual letter the Ombudsman had expressed concern over the Council’s use of Section 32 confidentiality notices. Such notices are used when a Local Authority consider it inappropriate for data to be disclosed to third parties during the course of the LGSCO’s investigation of a complaint. CYC has previously issued these notices when there has been a short timeframe to provide a response to the LGSCO’s initial enquiries and no time to fully consider what should or should not be disclosed to a third party. A meeting had taken place with the Assistant Ombudsman responsible for York and since that time no further Section 32 notices had been issued;

·        There had been a number of potential breaches notified to the ICO. They had commended the CYC approach to notification, including assessment;

·        All FOI’s received were included in the reported figures. All FOI’s are dealt with and logged, recorded, managed and if necessary issued with a refusal notice. Therefore, even if a request is refused within the 20 day target this is a response in time. This was national practice and within the FOIA;

·        She did not have the figure as to how many FOI’s  were refused because the request was  considered vexatious. It should be possible to pull data out of the system to show where different exemptions had been applied and she could circulate this to the Committee; and

·        It would take a detailed ‘drill-down’ into data to see how many of the 10% of FOI’s not responded to within 20 days were subsequently deemed as ‘vexatious’, but could confirm that this was one of the least relied upon exemptions. The FOI’s that were not responded to in time were very often the ones which were most complex in nature and it had taken time to gather information, and to decide what could be made public. This information could be made available in the next report.

Resolved:  That Members;

1.   Note the sustained performance levels

2.   Note the work already completed as well as the ongoing work required.

Reason:     To ensure the Council meets its information governance and complaint handling and responding, responsibilities.