Agenda item

This annual report of the Director of Strategy and Resources and Director of Adults and Health presents assurances to the Corporate Governance & Audit Committee on the effectiveness of the council’s information management and governance arrangements through a statement of internal control.

In addition, the report this year presents the Information Commissioner's Office (ICO) Audit Report of Leeds City Council’s compliance with the UK General Data Protection Regulation (GDPR).

At the Chairs discretion this item was moved up the agenda.

This annual report of the Director of Strategy and Resources and the Director of Adults and Health presented assurances to the Corporate Governance and Audit Committee on the effectiveness of the council’s information management and governance arrangements through a statement of internal control. In addition, the report this year presented the Information Commissioner's Office (ICO) Audit Report of Leeds City Council’s compliance with the UK General Data Protection Regulation (GDPR), for which Members are to be assured that an action plan is in place to address the recommendations.

The Caldicott Guardian gave assurance to Members of the arrangements in place with regards to the confidentiality of patient and service-user data.

The Head of Information Management and Governance presented the report and highlighted the following points:

·  In relation to information requests the service is now consistently hitting the current key performance indicator and has been for the last seven to eight months. It was acknowledged that further work was still required to improve performance. It was noted that this was due to changes made in the team and to process changes and how the team engage with other services.

·  Internal Audit had provided a recommendation to improve oversight, recording and completion of data impact assessments. It was noted that this piece of work had proved challenging to address the issues raised but the Service had also wanted to ensure that it was embedded for the future. After a number of delays the Microsoft Power App will be introduced. Staff were now undergoing training and a communication and implementation plan had been developed. Its first use will be at the end of 2023-24 financial year.

·  The Service is in the process of developing a Formal Information Assurance Framework and this should be ready for use in 2025. This followed a recommendation by the ICO.

·  The report of the ICO and Caldicott Guardian was in full for Members information with no redactions. The Service welcomed the views of the ICO and the support that they had given. It was accepted that there was a need for improvement and the team were already on with the Information and Governance Programme. To keep Members updated the Service requested reports be presented at mid-year and end of year.

In response to questions from Members the Committee were provided with the following information:

·  It was noted that Internal Audit were going to work alongside the Service for the implantation of the recommendations.

·  Mandatory training is undertaken every two years with all Council staff and the last training was in 2022 when there was a 100% completion rate. The next training will take place in September 2024.

RESOLVED – To:

a)  Consider the contents of the report and assurances provided within the Council’s Corporate Information Management and Governance Statement of Internal Control.

b)  Note the outcome of the ICO Data Protection Audit, acknowledging the areas for improvement, and agree to receive mid-year and end of year action plan progress update reports.