Agenda item

Update on Information Governance

Meeting of Cabinet, Tuesday, 26th June 2018 6.00 p.m. (Item 11.)

(Cabinet Member with Special Responsibility Councillor Blamire)

Report of Interim Head of Legal & Democratic Services

Minutes:

(Cabinet Member with Special Responsibility Councillor Blamire)

Cabinet received a report from the Interim Head of Legal & Governance that provided an update on progress made with the GDPR compliance action plan now that the critical date (25^th May 2018) had passed and a summary of the relevant policies to note. The report also advised Councillors of their responsibilities in relation to information that they were party to as a Councillor.

The options, options analysis, including risk assessment and officer preferred option, were set out in the report as follows:

	Option 1: To continue to implement the GDPR compliance action plan and accept the updated policies	Option 2: To take no action
Advantages	Greater protection for the council from enforcement action from the ICO should a breach occur. Better knowledge of the Council’s information and more coherent processes for the creation, storage, use, disposal and destruction of data across the council. Staff are trained and aware of their obligations and how to use and share information more efficiently which in turn should promote improved inter-departmental working.	None
Disadvantages	The extensive work required to ensure compliance is time consuming and onerous for all departments at the Council but the Council’s legal obligation will not diminish if we simply ignore the new regulations.	The Council will be at risk of partial compliance which would not protect itself from action from the ICO if an error occurred.
Risks	Moderate. Council is not compliant and although there is a forward plan in place there is still comprehensive work to be done to bring the Council in line with the new regulations.	High. Failing to execute the plan or have a plan in place puts the Council at risk of a fine if there is a data breach which could total up to £17million.

Option 1, to note the information provided and for Cabinet to continue to champion the roll out of the plan for compliance from the highest level was the officer preferred action.

Councillor Blamire proposed, seconded by Councillor Clifford:-

“That the recommendations, as set out in the report, be approved, and that officers be requested to give consideration as to how to make e-learning more councillor focused.”

Councillors then voted:-

Resolved unanimously:

(1) That the progress to date be noted.

(2) That the new policies be noted, and Cabinet continue to support the Council’s work to ensure compliance with the new Data Protection Regulations.

(3) That Cabinet recognise that Councillors have personal liability for the information that they hold, and how it is used, stored, distributed and destroyed.

(4) That officers be requested to give consideration as to how to make data protection and other e-learning available to Councillors.

Officer responsible for effecting the decision:

Interim Head of Legal & Governance

Reasons for making the decision:

The decision is consistent with the Corporate Plan priority of Community Leadership - commitment to good governance, openness and transparency. Improving the compliance and data security measures within the Council will help to evidence to the ICO that we are committed to the safety, security and appropriate sharing of information and will demonstrate to the residents of Lancaster that we are working to ensure that their rights in relation to information and data protection are upheld.

Supporting documents:

1806 Cabinet report regarding new policies and GDPR progress, item 11. PDF 227 KB