Issue - meetings
Data Protection And Information Security Update
Meeting: 02/07/2013 - Corporate Business Scrutiny Committee (Item 92)
92 Data Protection And Information Security Update 
PDF 31 KB
Additional documents:
- ERPA Data Protection and Security Update, item 92
PDF 16 KB
- Data Protection ERPB, item 92
PDF 17 KB
- ERPC Data Protection and Security Update, item 92
PDF 18 KB
Minutes:
The Head of Information, Customer and Parking Services submitted a report updating the Committee on the implementation of the Council’s Data Protection Action Plan. Members were invited to comment on progress to date and to identify any additional actions that might be taken to progress the Council’s data protection compliance programme.
Members were advised that Essential Reference Paper ‘C’ set out the current process flow chart in respect of the Data Protection Implementation Project. The flow chart included blocks of key actions that would take place as the project neared completion. Members were also referred to Essential Reference Paper ‘B’ where the Council’s policy framework in respect of information security was set out in priority order.
In response to a query regarding flash memory drives, the Head of Head of Information, Customer and Parking Services stated that the use of these drives was permitted provided that the drives were encrypted. Members were advised however, that the use of such drives was discouraged as the Council’s thin client systems meant that flash drives should not be required.
In response to a query from Councillor J Ranger, Members were advised that guidance from the Information Commissioner’s Office (ICO) stated that all Councillors and Officers were personally liable in respect of data protection and information security. The Head of Information, Customer and Parking Services stated that Members should register as data controllers based on the latest ICO guidance.
In response to a number of Members’ concerns, the Head of Information, Customer and Parking Services advised that Members could receive correspondence from residents that contained sensitive information and Members should be aware of their responsibilities in terms of retaining this information or disposing of it securely once a query was resolved.
The Committee received the report and did not identify any additional necessary actions.
RESOLVED – that the implementation of the Council’s Data Protection Action Plan be supported.