Agenda item

To receive the Information Governance & Caldicott Guardian Annual Report.

The Director: Policy & Governance and the Audit, Governance & Procurement Lead Manager presented the Information Governance & Caldicott Guardian Annual Report which provided an update and asked for approval of the Information Governance (IG) Work Programme for 2025/26.

The Local Authority Data Handling Guidelines recommended that each local authority should appoint a Senior Information Risk Owner (SIRO). The SIRO should be a representative at senior management level and had responsibility for ensuring that management of information risks were weighted alongside the management of other risks facing the Council such as financial, legal and operational risk.  The nominated SIRO was the Director: Policy & Governance.

It was a requirement that an annual report be prepared in order to give assurance that there were clear, robust processes in place to allow for any relevant risks to be raised to the organisation and that the Council was an ethical and responsible authority.

The Council was required to comply with three main pieces of legislation being the Freedom of Information Act 2000, Environmental Information Regulations 2004 and UK Data Protection Act 2018/UK GDPR in respect of public sector information which supported all of the services across the Council.

During 2024/25 the Council had received 1,262 Freedom of Information (FOI) requests which was an increase of 22% on the previous year.  Of those received, 86% had been responded to within the 20 working day deadline which was marginally lower than the target set, although an improvement on the previous year.  

There had been three referrals from the Information Commissioner’s Officer (ICO) during 2024/25 where the public had been dissatisfied with the response from the Council.  Although these did not require any action as a Council, one had been escalated to the first-tier tribunal which fell in favour of the requester and further information was released.

In relation to Subject Access Requests, 136 had been received during the reporting period which was an increase of 32 on the previous year with 96% being responded to on target which exceeded the ICO target.

The Director: Adult Social Care was allocated to the role of Caldicott Guardian  who was the Senior information Risk Owner overseeing the use of data in the authority in order to meet good governance within the Council  and actively supported efforts to enable information sharing where appropriate and advise on lawful and ethical processing options.

During the debate, Members welcomed the report and noted the Council was not shying away from the use of AI but embracing it whilst balancing the risks. It was asked if the Council required legislation from central government in order to use additional AI technology.  In relation to FOI requests, were there repetitive and trending questions and did this impact on the reason for the increase.  It was asked if there was any AI that could be used to reduce the workload for staff in relation to the FOIs which were draining on resources and time consuming.

The Director: Policy & Governance explained that there was no need for additional legislation in relation to AI but that it would need to be used responsibly and ethically.  The Business Intelligence Team looked at where data could be used and where informed consent was given how the Council could utilise this to maximise efficiency.

The Director: Adult Social Care informed Members that the authority was currently looking at the use of Magic Notes with testing being carried out on how it interacted with client-based systems and compliance with data protection.  Within Adult Social Care, work was being undertaken with the Making it Real Board looking at data, transcribing and records systems and the practical use of AI.

In relation to FOI requests, the Audit, Governance & Procurement Lead Manager indicated that there was no clear reason or theme for the increase in requests but peaks and troughs of interest or things occurring locally.  Neighbourhood and enforcement and adult social care were more prevalent.  The use of AI could not be discounted as a tool, but the law did allow the Council to refuse a request if it would be more than 18 staff hours and exemptions could be put in place if there were multiple requests from the same person on the same topic.

The Director: Policy & Governance noted that the FOI framework was a useful tool in enabling scrutiny of the work of the Council.

Upon being put to the vote it was, unanimously:

RESOLVED – that:

a)    the Information Governance & Caldicott Guardian Annual Report for 2024/26 be noted; and

b)   the Information Governance Work Programme for 2025/26 be approved.