Issue - meetings

The Information Governance and Data Protection Manager gave a brief summary of the report.

Councillor Townsend asked about data integrity and how the Council stored secondary back up and tertiary data.

The Information Governance and Data Protection Manager said that work on this was planned, and assurance would be sought from third parties about their data processes to ensure consistency.

Councillor Stowe asked what was done to protect data when Officers were working from home. He also asked what measures were in place to ensure that documents sent out in response to Freedom of Information (FOI) and Subject Access Requests (SARs) were properly redacted.

The Information Governance and Data Protection Manager said that the use of a hosted desktop when staff were working remotely provided a good level of data security. The Data Protection policy would also include a section on working remotely. Members were also advised that any FOI requests or SARs were checked by an Officer and then double checked by the Information Governance and Data Protection Manager.

Councillor Fernando asked whether the Information Commissioner’s Office (ICO) had advised any further action on the breach reported to them.

The Information Governance and Data Protection Manager said that he had chased a response from the ICO, which had not been received, although this suggested that the Council’s action was satisfactory.

The Chairman said that further General Data Protection Regulation (GDPR) training following an Officer error should be mandatory, rather than advised. He also said that it would be useful for the Committee to be updated on any response from the ICO.

The Information Governance and Data Protection Manager said he was happy to take this on board. The Head of Legal and Democratic Services said that mandatory training on GDPR was also a requirement in performance and development reviews.

Councillor Alder asked whether the stolen fly-tipping camera had been replaced more securely. The Information Governance and Data Protection Manager said he would look into this and respond to Members outside of the meeting.

Councillor Fernando asked whether GDPR training was being changed to reflect the fact that most breaches were caused by human error.

The Information Governance and Data Protection Manager said that he was currently reviewing the training and his intention was to make it more specific to the Council.

RESOLVED – that the report be received and considered.