Issue - meetings
2023/24 Information Governance & Caldicott Guardian Annual Report
Meeting: 29/05/2024 - Audit Committee (Item 9)
9 2023/24 Information Governance & Caldicott Guardian Annual Report 
PDF 291 KB
To receive the 2023/24 Information Governance & Caldicott Guardian Annual Report.
Additional documents:
- Appendix 1 for 2023/24 Information Governance & Caldicott Guardian Annual Report, item 9
PDF 114 KB
- Appendix 2 for 2023/24 Information Governance & Caldicott Guardian Annual Report, item 9
PDF 11 KB
Minutes:
The Audit, Governance & Procurement Lead Manager presented the 2023/24 Information Governance & Caldicott Guardian Annual Report which set out the pieces of legislation and good practice standards that govern the IG arrangements of the Council.
There had been 100 more Freedom of Information (FOI) requests in 2023/24 than the previous year and this had led to the response rate being slightly down to 85%. The ICO has set a benchmark of 90% for responding to FOI requests within the 20 working day statutory deadline for responding to requests. There had also been an increase of appeals in relation to FOIs which come to the Council to review. The appeals were broadly in line with the previous year. Information Commissioner Officer (ICO) referrals, where it was considered a response was not adequate, a compromise was undertaken, further information provided and no further action taken.
In 2023/24 the Council received 104 subject access requests (SARs), 34 less than the previous year. The processing of SAR’s continued to be a challenge due to the volume (in pages) of information being asked for. Four of the subject access requests received in 23/24 alone encompassed over 10,000 pages of information which have to be read and redacted.
In relation to data breaches, although there was a large number of transactions and activities undertaken by the Council, it was good news that no breaches had met the threshold for reporting to the ICO as a fine could be up to £17.5m. To assist in preventing any data breaches, the Council had introduced a new system, Zivver, which had worked well and reduced the number of errors.
Progress on the 2023/2024 IG work programme was set out in the report and was a legal requirement of the data protection officer under GDRP. The Audit & Governance Lead Manager was the designated officer who ensured that the work programme was completed in an appropriate way.
The report also contained information on the role of the Caldicott Guardian and its responsibilities. The Caldicott Guardian and the Senior Information Risk Owner (SIRO) met four times per year with the Director: Policy & Governance.
Upon being put to the vote it was, unanimously:
RESOLVED – that:
a) the Information Governance & Caldicott Guardian Annual Report for 2023/2024 be noted: and
b) the IG Work Programme for 2024/25 be approved.