Agenda item

Report of the Strategic Director Corporate Services and Governance

The Committee received a report on arrangements for Information Governance across the Council, including the annual reporting of data breaches.  The report also provided details of the Council’s use of covert surveillance and compliance with the requirements of the Regulation of Investigatory Powers Act 2000 (RIPA).

Information Governance

This was the first annual report to the Committee regarding the Council’s Information Governance framework, which will form an important part of the Council’s Overview and Scrutiny framework. The report outlines the legislative context (within which, the Council manages a range of sensitive information and personal data) and details the Council’s performance in this area over a 12 month period.

Effective and secure exchange and management of information is vital for both good service delivery, and for compliance with a legislative framework at both a national and European level.

The Council’s approach to Information Governance is based on the guidelines produced in 2010 and revised in 2014, by the Local Government Association.

It was reported that the Council has an Information Charter and an Information Strategy. 

The Information Governance Structure was outlined in the report along with details on the role of the Accountable Officer; Senior Information Risk Owner (SIRO); Deputy SIRO; Information Asset Owner, Information Asset Assistants and Internal Audit. The report also set out the responsibilities of Council staff at an individual level.

Details of the data breach reporting process were included in the report along with information on breaches within the last twelve months. Overall, the Committee was satisfied with the actions taken however raised concerns about the decision of the Information Commissioner to not prosecute for the theft of a database containing service user details in June 2015.

It was suggested that, providing the Council is not out of time, formal complaints be made to both the Police and Information Commissioner regarding their decision to not prosecute.

It was also requested that the officers in Litigation and Internal Audit reassess the evidence held in respect of this case, to inform any further action by the Council.

At a time when large numbers of employees are leaving the Council, a member of the Committee suggested that it is timely to remind employees of their obligations in respect of the Council’s information.

It was suggested that the reminder to not take information belonging to the Council could be incorporated into exit interviews, particularly where the post holder has access to information which is commercially sensitive. 

It was agreed that an update be obtained in respect of information security for employees who work from home and the potential to introduce port control on PCs.

The Council’s use of powers under the Regulation of Investigatory Powers Act 2000

In accordance with the codes of conduct produced by the Office of the Surveillance Commissioner, the Committee received the first annual report in relation to the Council’s use of RIPA.

The two types of covert surveillance that the Council can use are ‘directed’ (this involves observing, following or watching a subject of surveillance) and ‘CHIS’ (this involves using volunteer adults or children to attempt to make test purchases).

Typically, this Council uses RIPA in relation to benefit or Council Tax fraud when information is received that a claimant has someone living with them or is working and claiming benefits.

The Council uses CHIS when it receives information that, for example, a housebuilder is selling illegal tobacco or a shop is selling age restricted products to children.

It was reported that the Protection of Freedoms Act 2012 amended RIPA to restrict when Councils can use the powers it provides. Authorisation can only be made by Councils now if certain conditions are met, these were outlined in the report.

Statistics were provided in relation to the use of RIPA by the Council during the years 2013, 2014 and 2015.

RESOLVED -             i)          That the information be noted.

ii)          That the Committee was satisfied with the overall operation of Information Governance within the Council.

iii)         That the views of the Committee in respect of Information Governance be used to enhance the framework.

iv)         That the Council’s use of powers under the Regulation of Investigatory Powers Act was considered to be appropriate.