Agenda item

This report provides Members with updates in respect of:

·        Information governance

·        ICO decision notices

·        Use of FOI Act exemptions including section 14

·        Personal data breach

·        LGSCO Complaints

Members considered a report providing them with updates in respect of:

·        Information governance

·        ICO decision notices

·        Use of FOI Act exemptions including section 14

·        Personal data breach

·         LGSCO Complaints

The Information Governance and Feedback Team Manager attended the meeting to present the report and answer Member questions. It was highlighted that the performance figures contained in the report were also subject to Internal Audit reporting and a further report on those would be coming to this Committee as part of the Veritau Internal Audit report. They stated that we received a high volume of FOI and EIR requests compared to other Councils.

In response to Member questions they stated:

·        CYC differentiate between FOI and EIR requests, which not all Councils do. There is some interpretation as to which Act requests should be considered under, but York had qualified practitioners within the team to deal with these in the most appropriate manner;

·        A request by a Councillor for information is first determined in respect of the purpose for the request. If the information cannot lawfully be released to the Member in that capacity, then the request can be considered under the FOI Act. If the information was released to the Member through the FOI process (and therefore it was being released into the public domain), the law would determine whether exemptions applied. The number of FOIs submitted by Councillors was very low. The exact number would be distributed to the Committee following the meeting;

·        Within the FOI act, if an ordinary question was asked which could be dealt with immediately (within 5 working days) that is how it would be dealt with. It was only where it may take longer than 5 days to provide the requested information, or there may be exemptions to apply that this would be treated as an FOI;

·        FOIs were never ignored, they were replied with the appropriate exemption, as necessary;

·        FOI responses were published in full on the CYC website which was over and above the legal requirement;

·        Service areas who were subject to repeat requests were advised to publish information, as appropriate, to try and limit the number of requests received;

·        If the information requested in an FOI was already publicly available the Council would signpost this;

·        Many of the FOIs received were sent to several Councils at the same time, which had a bigger impact on the figures of smaller Councils;

·        It was always the aim to respond in time, the 90% response rate was partially due to the complexity of some requests meaning that gathering the information took longer; and

·        FOIs came from a mixture of customers – media, researchers, residents, businesses etc;

In response to further questions on the data breach which had recently affected the One Planet York App they stated:

·        The breach was immediately investigated and the app was switched off to protect personal data;

·        The individual who reported the breach was contacted and the ICO were made aware;

·        The breach was of information held on a standalone database and had not affected any other CYC system;

·        CYC had asked that the data be destroyed;

·        A review into the governance framework for the website and associated apps was already underway at the time the breach took place. Learning from this breach would now be taken forward;

·        The internal investigation into this breach was being undertaken by the Information Governance Team;

·        In relation to a previous breach on York Open Data they stated that an update could be shared with the Committee;

·        There was an email address on the CYC website for people to inform the Council of potential vulnerabilities. Information on this breach though was sent directly to the One Planet York mailbox; and

·        CYC aimed to let users know as soon as possible about the breach. Delay was due to having to check the details of what had actually happened and ensure that consideration was given to the procedures/measures the ICO recommend for breaches.

During discussion several Members raised their concerns over the level of FOIs the Council was receiving and what this suggested about the level of openness and transparency in the organisation.

Benchmarking figures had been provided in response to previous requests from Members, which the Committee welcomed but suggested that it would be helpful to include these figures as a ‘per head’ of population figures.

Resolved:  That Members note:

(i) the sustained performance levels.

(ii) the details contained in this report.

Reason:    To keep Members updated.