39 Data Protection Update PDF 77 KB
Minutes:
The Information Governance and Data Protection Manager introduced the report which provided an update on the council’s response to data breaches and subject access requests from 1st October 2024 to 1st April 2025.
The Information Governance and Data Protection Manager said that there had been 11 breaches in the period, none of which had required reporting to the Information Commissioner’s Office (ICO). He said that 9 of these breaches were due to incorrect email recipients, 1 was due to a BEAM data transfer error and the other due to an error in publication on the planning portal.
The Information Governance and Data Protection Manager said that in relation to the breaches, apologies had been issued to the affected data subjects, with recipients asked to confirm deletion of the data received. He said that responsible staff had been issued handling reminders and had retaken the data protection e-learning module.
The Information Governance and Data Protection Manager said that the incorrect data had been removed from the planning portal immediately, with the process updated to prevent further breaches. He said that there had been other preventive measures taken during the period, including updates to Council Tax account processes, assurance from software providers and attempted email recalls where applicable.
The Information Governance and Data Protection Manager said that the number of breaches remained acceptable given the volume of data which the council processed. He said that staff were effectively recognising and reporting any breaches within policy time limits and that the council’s data breach incidents and responses were audited in October 2024, receiving a substantial assurance.
The Information Governance and Data Protection Manager said that 11 Subject Access Requests were received in the period, all of which had been processed within statutory time limits.
The Chair thanked the Information Governance and Data Protection Manager for his report.
Councillor Nicholls said that the report was very reassuring and asked how the number of breaches council compared against other local authorities. She also asked if the date protection e-learning module had been effective.
The Information Governance and Data Protection Manager said that the number of breaches was regarded as normal, with any more than 20 in the period a cause for concern. He said that the annual e-learning training was mandatory for all staff, with a retake required by employees involved in a breach.
The Chair asked if there[PM1] was need for concern amongst residents who were required to provide personal details in an online form to obtain their bin collection cycles, asking if this was an increased threat.
The Information Governance and Data Protection Manager said that the need for the data should have been questioned.
The Director for Finance, Risk and Performance saidthat this matter had been raised at Leadership Team. He said that the process was being moved away from, and that residents would no longer have to to register their details to obtain the required information.
Councillor Hart questioned why the form had been intrusive in the first ... view the full minutes text for item 39