Issue - meetings

Information Governance & Caldicott Guardian Annual Report 2022/2023

Meeting: 31/05/2023 - Audit Committee (Item 8)

8 Information Governance & Caldicott Guardian Annual Report 2022/2023 pdf icon PDF 294 KB

To receive the Information Governance & Caldicott Guardian Annual Report.

Additional documents:

Minutes:

The Audit & Governance Lead Manager presented the Information Governance (IG) & Caldicott Guardian Annual Report 2022/23.

 

There were three main areas legislation and good practice standards that govern the IG arrangements:

 

·         Freedom of Information Act 2000

·         Environmental Information Regulations 2004

·         UK Data Protection Act 2018/UK GDPR

 

In 2022/23 there had been 933 freedom of information requests which was down by approximately 100 requests on the previous year.  Responses within the 20 day deadline were 87% which was very much in line with best practice of 90%.  There had been 45 environmental information regulation requests which had dipped but was comparable to the previous year.  There had been an increase of one data protection enquiry and 90% had been responded to within the statutory timescale which was an increase on the previous year.

 

The Information Governance Team monitor and investigate data breaches and provide feedback on lessons learnt to prevent future breaches.  During 2022/23 no breaches ad met the threshold required to be reported to the Information Commissioners Office (ICO).

 

Members were informed that the Caldicott Guardian was the person who oversaw risk in social care areas.  This currently sat with the Executive Director for Adult and Social Care but in the longer term this would be delegated to the new Director of Adult Social Care.

 

The IG work programme for 2023/24 was set out in the report and was based on legal requirements.  Managing the Council’s information was governed by the IG framework and IG strategy and this allowed the Local Authority to ensure that all information was held, processed and communicated safely and legally.

 

During the debate, some Members praised the Council’s training courses and data awareness.  Other Members asked if the data security breaches were all internal.

 

The Audit & Governance Lead Manager explained to Members that the some training for staff such as cyber security was classified as essential learning.  There was a mix of internal and external breaches and additional measures for electronic communications were being put in place through a new protected email system which would be an additional layer of security.

 

RESOLVED – that:

 

a)    the Information Governance & Caldicott Guardian Annual Report for 2022/2023 be noted;

 

b)   the Information Governance Work Programme for 2023/24 be agreed; and

 

c)    the Information Governance Framework be approved.