Agenda item

This report provides Members with updates in respect of:

·       New internal governance arrangements

·       Corporate Governance performance report

·       Information Commissioners Office cases

·       Ombudsmen cases, complaint handling codes and assessment

·       Local Government and Social Care Ombudsman (LGSCO) annual letter and performance

·       NHS Data Security and Protection (DSP) Toolkit – self assessment for 2023-2024

·       Investigatory Powers Commissioner (IPCO) inspection including Audit and Governance Committee’s “fit for purpose” review of the covert surveillance policy and procedures and data report.

Members considered a report that provided an update in respect of:

·        New internal governance arrangements

·        Corporate Governance performance

·        Information Commissioners Office cases

·        Ombudsmen cases, complaint handling codes and assessment

·        Local Government and Social Care Ombudsman (LGSCO) annual letter and performance

·        NHS Data Security and Protection (DSP) Toolkit – self assessment for 2023-2024

·        Investigatory Powers Commissioner (IPCO) inspection including Audit and Governance Committee’s “fit for purpose” review of the covert surveillance policy and procedures and data report.

The Information Governance and Feedback Manager/DPO noted the comments raised under public participation and referenced various sections of her report, including the annexes, and highlighted that:

·        The decrease in the percentage of Subject Access Request (SAR) complaints responded to in time for quarter 1 2024/25 was an area of concern and officers had resumed work with service areas and managers to consider opportunities to make improvements.

·        Officers were considering improvements to address the fall in performance for responding in time to the number of complaints received in children services and other social care legislation complaints.

·        There had been no Information Commissioner’s Office decision notices since the last report to committee.

·        The NHS Data Security and Protection (DSP) Toolkit self-assessment for 2023-24 had been completed.

·        The Investigatory Powers Commissioner onsite inspection had been confirmed for Monday, 23 September 2024, and the committee would be updated on their findings.

·        If required, officers could provide the committee with further Regulation of Investigatory Powers Act  (RIPA) training, following their session in November 2023. 

During discussion of the item, the Information Governance and Feedback Manager/DPO answered questions raised and it was noted that:

·        Members were content that the RIPA training last offered was sufficient.

·        Officers had received verbal assurances from the ICO that the enforcement notice issued had been fully complied with and they would continue to chase for a recorded response.

·        The departmental budget savings had been achieved due to a half vacant post, and there will be opportunities for future service delivery due to the complaint’s element transferring into the customer service centre.

·        Due to complaints and feedback received in the past, the disclosure log had been updated including an advanced search function.  The log enables Freedom of Information (FOI) and Environmental Information Regulation (EIR) responses  to be explored for up to 12 months.

·        There was no legal requirement to publish any FOI or EIR responses in full and doing this could generate a potential data breach and was manually intensive. Although officers were considering how to reduce the manual process to publish the responses, guidance was available on the disclosure log website that explained how a fuller response could be obtained. 

·        Officers considered repeated themes within FOI or EIR requests and would proactively publish those for information and consult with the relevant service area. The legislation still required officers to provide a legally compliant response, so publishing repeated requests did not reduce the number of EIRs/FOIs received but helped reduce the time taken to respond. The Manager agreed to provide an update on the data published within her next report to committee. 

·        Officers were consulting with business intelligence to align the statutory timescales to provide more accurate metrics and a better trajectory throughout the year.

·        Officers would expand on the internal governance management arrangements, as highlighted within annex 1, and provide a briefing that recognised and differentiated between members and officers.

The Information Governance and Feedback Manager/DPO was thanked for her report and update.

Resolved:

(i)           That the new internal governance arrangements be noted, as highlighted in the report.

(ii)         That the performance details be noted, as highlighted in the report.

Reason: So that Members were provided with details and current performance from the Corporate Governance Team.

(iii)     That the details for the IPCO inspection be noted and the “fit for purpose” review of the covert surveillance policy and procedures and data report be considered.

Reason: So that Members were provided with a future report on the council’s use of covert surveillance and complete their review of the policy and procedures as required by the IPCO.