Agenda item

To consider a report by the Director of Resources and Housing which sets out details of the steps being taken to improve Leeds City Council’s information governance in order to provide assurance for the annual governance statement.

(Report attached)

The Head of Information Management Governance submitted a report of the Director of Resources and Housing which presented the annual assurance report to the committee on Information Governance.

Committee noted the re-structure of the Information Governance Management Team and the new senior leadership accountabilities for Information risk necessitated by the retirement of the Deputy Chief Executive.

Members received varying levels of assurance in respect of;

Cyber Assurance and Compliance – where limited assurance was reported as the council no longer meets Public Service Network (PSN) certification requirements.  It was reported that arrangements were in place to meet monthly with the Cabinet Office to work towards meeting an action plan agreed with the Cabinet Office in order to regain certification.

Members queried what the impact was on the Council’s business by not having PSN certification. 

The Head of Information Management Governance assured the committee that this did not impact on current service delivery as the council still had access for example to .GCSX email accounts and Department of Work and Pensions Systems. 

Members commented that Cyber Security training and awareness for staff and members should be a priority and that consideration should be given to undertaking tests to establish whether the training was effective. 

The Head of Information Management Governance agreed to feed this back to the PSN Remediation Board for further consideration.

Members discussed the arrangements whereby employees and councillors who had left the council had their access rights removed. 

Members’ also indicated their wish to receive an update on progress on regaining PSN certification in September 2017.

Information Access and Compliance – where full assurance was provided that processes and procedures were in place to facilitate citizens’ rights to request and had provided information under the Data Protection Act and the Freedom of Information Act. 

Members noted the further additional work was required to meet the more stringent requirements of the new General Data Protection Regulations when they come into force in May 2018 and the outstanding actions agreed with the Information Commissioners Office in 2013 following concerns relating to the processing of personal data.

Members commented that the Council must strive to be as open as possible and not, as had been experienced from other public bodies in recent scrutiny inquiries, attempt to misuse the term Personal Data to what is generally regarded as public information.

A member raised a concern relating to child protection issues and whether, out of normal working hours, duty officers would have access to the necessary information to help support vulnerable people at a time of crises. 

The Head of Information Management Governance agreed to respond to the member concerned.

Members requested that the correspondence from the Cabinet Office in relation to the withdrawal of PSN Certification be circulated to Members of the committee.

Members also sought clarification as to what interim measures were undertaken on contracts where the requirements of the contract related to the control or processing of personal data.

The Head of Information Management Governance confirmed that letters were sent to all such contractors to remind them of their responsibilities under the Data Protection Act and that now all contracts of this nature include specific contract terms relating to these responsibilities.

Records Management – where reasonable assurance was provided that processes and procedures were in place to provide a framework to deliver data protection compliance.

Members commented that the retention periods for contracts, particularly in respect of financial information on PFI contracts, need to be as long as possible to help inform future contract negotiations and aid transparency.

Members noted the position with regard to the INSPIRE Standards and the steps being taken to publish more geo –spatial data sets.

RESOLVED –

(i)  To note and welcome the assurance provided at paragraph 10.2 of the submitted report that the information governance practice and procedures outlined in the report provided a level of assurance to the Committee

(ii)  That a further report be brought back to the Committee in September which will specifically address the issue of Cyber Assurance and Compliance