Issue - meetings

To advise members in respect to the Council’s activity and compliance with Data Protection, Environmental Information Regulation and Freedom of Information requirements (report of the Group Information Manager and Deputy Data Protection Officer enclosed).

Consideration was given to the report of the Group Information Manager and Deputy Data Protection Officer which advised members in respect to the Council’s activity and compliance with Data Protection, Environmental Information Regulation and Freedom of Information requirements.

The Group Information Manager and Deputy Data Protection Officer introduced the report which included the following main points:

• 645 information requests were received during the year, with 74 under Environmental Information Regulation (EIR);
• 97% of requests were responded to within statutory deadlines, exceeding the Information Commissioners Office’s (ICO) ‘adequate’ target of 90% and meeting the ‘good’ target of 95% for most months;
• Exemptions were applied to 135 requests, typically where information contained personal data or related to law enforcement. This demonstrated the Council’s commitment to transparency while complying with legal requirements;
• 52 requests were refused because the information was already publicly available;
• 6 internal reviews were requested but the original decision was upheld in all cases;
• No complaints were referred to the ICO;
• Under Data Protection, 51 data incidents were reported, none resulting in harm or claims;
• 14 Subject Access Requests (SARs) were completed, with one invalid request;
• 155 third-party requests were processed, such as from HMRC, police and other councils, which ensured compliance before disclosure;
• The Information Governance team continued to monitor compliance, support data sharing arrangements, and undertake impact assessments where processing changes occurred. Risks were managed through operational risk registers; and

·         The Council demonstrated transparency by publishing information and supporting public engagement through Access to Information regulations and the Transparency agenda.

Members considered the report and made the following comments:

• The Committee thanked the Information Governance team for achieving performance targets and maintaining compliance.

• Members asked whether any trends had been identified in FOI requests and whether this had identified appropriate action to be taken.
  • The Group Information Manager and Deputy Data Protection Officer advised that requests varied by local issues, with recent increases relating to waste collection and media enquiries. Where high volumes occurred, service managers were engaged to improve proactive publication.

• Members queried the timeliness of responses where deadlines were missed.
  • The Group Information Manager and Deputy Data Protection Officer confirmed that of five late responses in October 2025, delays were only by one or two days. Longer delays were due to operational pressures and resource constraints.

• Members referred to point 2.2.4 of the report in respect of data incidents reported to the Data Protection Team and queried this indicated a need for additional training.
  • The Group Information Manager and Deputy Data Protection Officer explained that common breaches included letters sent to incorrect addresses and misdirected emails within the  partnership. PSPS worked closely to identify root causes and lessons learned. Measures such as double verification were considered, but consideration of proportionality needed to prevail given the low impact of incidents.

• Members queried whether the auto-complete function in Outlook had been disabled to prevent misdirected emails.
  • The Group Information Manager and Deputy Data Protection Officer confirmed that the issue was reviewed regularly. Disablement of the feature was considered  ...  view the full minutes text for item 33