Agenda item

To receive the report of the  Director of Resources and the Director of Adults and Health to  provide Corporate Governance and Audit Committee with an annual report on the arrangements in place within Leeds City Council with regards to information management and governance in order to provide assurance for the annual governance statement.

The report of the Director of Resources and the Director of Adults and Social Health provided assurances to the Corporate Governance & Audit Committee on the effectiveness of the council’s information management and governance arrangements that they are up to date, fit for purpose, effectively communicated and routinely complied with, as well as arrangements that are in review or development in order to keep pace with developing risks or changes to legislation and guidance. This report also included the annual report of the Caldicott Guardian to provide assurance to the Committee of the arrangements in place with regards to the confidentiality of service-user data.

The Head of Information Management and Governance attended the meeting and highlighted three key points from the report:

·  The Council had maintained its Public Services Network (PSN) certificate which was achieved in October 2022 which ensures that the Council can continue to share information securely.

·  Internal Audit had recommended an improvement for the oversight, recording and completion of Data Protection Impact Assessments. Significant work has been done on this and in December 2022 in line with the Council’s Digital Strategy work started with Integrated Digital Services (IDS) to create suitable technology to support the process. Members were advised that this new process and software is due to go live in April 2023.

·  Performance in relation to Information Requests had again improved from the previous year and with significant changes made earlier in the year performance had reached just under KPI target of 90% in Q2. It was recognised that consistency had been issue due to ongoing resource pressures. However, there were short term and long term plans to improve this.

·  It was noted that a report with full details was due to go to Scrutiny Board Strategy and Resources on 20^th February 2023.

Member’s discussions included:

·  Acknowledgment of a detailed report to Scrutiny Board.

·  Improvements required to KPI’s and benchmarking figures should be looked in to.

·  Reports when released should be published with an announcement and done quickly.

·  It was suggested that there should be links from the Information Management Board to CLT. It was noted that the Board was currently being reviewed and with a view that it should be an assurance board. There would be regular reporting, more information in relation to statistic and Data Protection Impact Assessments and the number of data sharing agreements and incidents that the Council has. Members were advised the Head of Internal Audit is a member of the Board and could be the link to CLT.

·  It was noted that training in relation to GDPR had been ongoing and was due to close. Members were informed that 50 members of staff had still not completed the online training and their accounts would be locked until the training had been completed.

·  It was recognised that current risks in relation to information governance and business risks were reviewed differently. Members were informed that a review was ongoing to review how risk is reported and Information Management and Risk Management were looking to centralise the co-ordination of reporting information risks. It was noted that the risk scores could be followed up and provided to Members. The Committee acknowledged that work was taking place to provide actions rather than a line of text on how risks were being mitigated.

·  Members were informed that if information is already in the public domain, the team refuse the Freedom of Information request but provide the links where it can be accessed. It was noted that data for this can be provided to the Committee. It was also noted that the aim is to publish as much information as possible and work is ongoing to look at trends with the aim or linking information into the triage process.

·  Members acknowledged that Information Governance was not just about Freedom of Information and Data Protection but also about Records Management. The team were in the process of setting up an Information Strategy which would work the next three to five years in how the Council process information. This would mean that information could be tagged making it easier to find and provide security marking. Costs are not currently done within this authority, but it is something to look at going forward. Members welcomed the work being undertaken to provide as much information as possible in the public domain making it easier for the public to access and reducing the workload for the team.

·  The Committee were advised that some authorities had adopted Artificial Intelligence in relation to requests for information. This was being looked in to for the future. The Committee agreed this approach would be good and make Information Management more efficient.

The Chair asked the question if the website was being looked at in relation to providing more information having a customer facing part and a democracy system. The Committee were informed that the review of the Council’s website had not been considered but the suggestion was good and would make searching for information more efficient.

It was noted that the performance information on page 27 of the agenda pack was incorrect. Members were advised that the information would re-calculated.

The Chair thanked the officer for attending.

RESOLVED - To note the contents of the report and the assurance provided as to the Council’s approach to information management and governance.