Issue - meetings

To receive the Information Governance & Caldicott Guardian Annual Report.

The Director: Policy & Governance and the Audit, Governance & Procurement Lead Manager presented the Information Governance & Caldicott Guardian Annual Report which provided an update and asked for approval of the Information Governance (IG) Work Programme for 2025/26.

The Local Authority Data Handling Guidelines recommended that each local authority should appoint a Senior Information Risk Owner (SIRO). The SIRO should be a representative at senior management level and had responsibility for ensuring that management of information risks were weighted alongside the management of other risks facing the Council such as financial, legal and operational risk.  The nominated SIRO was the Director: Policy & Governance.

It was a requirement that an annual report be prepared in order to give assurance that there were clear, robust processes in place to allow for any relevant risks to be raised to the organisation and that the Council was an ethical and responsible authority.

The Council was required to comply with three main pieces of legislation being the Freedom of Information Act 2000, Environmental Information Regulations 2004 and UK Data Protection Act 2018/UK GDPR in respect of public sector information which supported all of the services across the Council.

During 2024/25 the Council had received 1,262 Freedom of Information (FOI) requests which was an increase of 22% on the previous year.  Of those received, 86% had been responded to within the 20 working day deadline which was marginally lower than the target set, although an improvement on the previous year.  

There had been three referrals from the Information Commissioner’s Officer (ICO) during 2024/25 where the public had been dissatisfied with the response from the Council.  Although these did not require any action as a Council, one had been escalated to the first-tier tribunal which fell in favour of the requester and further information was released.

In relation to Subject Access Requests, 136 had been received during the reporting period which was an increase of 32 on the previous year with 96% being responded to on target which exceeded the ICO target.

The Director: Adult Social Care was allocated to the role of Caldicott Guardian  who was the Senior information Risk Owner overseeing the use of data in the authority in order to meet good governance within the Council  and actively supported efforts to enable information sharing where appropriate and advise on lawful and ethical processing options.

During the debate, Members welcomed the report and noted the Council was not shying away from the use of AI but embracing it whilst balancing the risks. It was asked if the Council required legislation from central government in order to use additional AI technology.  In relation to FOI requests, were there repetitive and trending questions and did this impact on the reason for the increase.  It was asked if there was any AI that could be used to reduce the workload for staff in relation to the FOIs which were draining on resources and time consuming.

The Director: Policy & Governance explained that there was no need for additional legislation in relation  ...  view the full minutes text for item 9