161 Data Protection Update PDF 244 KB
Minutes:
The Information Governance and Data Protection Manager introduced the report, which detailed fourteen reported data breaches for the period October 2022 – August 2023.
The Information Governance and Data Protection Manager said that one of these breaches was reported to the Information Commissioner’s Officer (ICO) approximately two months ago, and a response had not yet been received. He said that this normally indicated that the ICO was satisfied with the action taken by the council.
The Information Governance and Data Protection Manager said that human error was the most common reason for a breach, a list of which could be found within the report. He said that eleven Subject Access Requests had been made in the period, with all being processed and responded to within the statutory time limit.
Councillor Deering asked if the breaches due to human error where being made by the same person.
The Information Governance and Data Protection Manager said that two of the breaches were attributed to the same person, but that this individual had now received training and the training shared with other staff to avoid recurrences. He said the level of breaches remained stable and were of no concern.
Councillor Nicholls asked if there was any help available to those who were caused distress by a data breach.
The Information Governance and Data Protection Manager said that incidents were taken on a case-by-case basis, and that advice and actions were given. He said that there had not been any incidents where emotional stress had been caused, but this external support/counselling could be sought should this occur.
The Chairman asked if the council had an ‘annual cull’ of the data which it held.
The Information Governance and Data Protection Manager said that the council had policies and schedules in place which ensured the destruction or archiving of data.
The Chairman thanked the Information Governance and Data Protection Manager for this report.
RESOLVED - the content of the report be noted, and any observations provided to the Information Governance and Data Protection Manager.