Issue - meetings

To consider policies for approval (report of the Assistant Director – Governance (Monitoring Officer) enclosed).

To review updated policies prior to Cabinet consideration (report of the Assistant Director – Governance enclosed).

Consideration was given to the report of the Assistant Director – Governance and Monitoring Officer which asked members to review the updated policies prior to Cabinet consideration.

The Group Manager for Information Governance and Data Protection Officer introduced the report and stated that the policies had been updated to comply with the latest statutory requirements, which included the new Data (Use and Access) Act 2025 (DUAA), and were to be aligned across the partnership. The key updates included:

• The introduction of a new statutory complaints process under the DUAA, which required a 30?day response deadline, which is outside of  the Council’s complaint process:
• A shift to proportionate searches for rights requests and subject access requests (SARs), replacing the previous requirement for exhaustive searches; and
• A new high?level approach to Records Management, focused on accuracy, security, retention, and transparency, supported by the Information Commissioners Office Code of Practice.

Members considered the report and made the following comments;

• Members asked for clarification on the term “port data” referenced within the Data Protection Policy.
  • The Group Manager for Information Governance and Data Protection Officer explained that this related to the GDPR right to data portability, whereby individuals may request that certain categories of their personal data be transferred to another organisation. It was confirmed that this transfer was not automatic and would only occur upon request, with engagement between the Council and the receiving organisation as appropriate.

·         Members raised the need for Member training on data protection, explaining that the policies were highly technical and that councillors routinely handled sensitive information.

o   The Group Manager for Information Governance and Data Protection Officer confirmed that training sessions had previously been delivered at the other partnership councils and that they would be willing to provide group training sessions on request, covering Data Protection and Freedom of Information, and agreed to liaise with Democratic Services to arrange sessions.

·         Members asked whether the Council had experienced data protection breaches and enquired about liability and insurance cover.

o   The Group Manager for Information Governance and Data Protection Officer advised that one voluntary report to the Information Commissioner had been made in the past twelve months. The Council, as data controller, carried liability for compensation where required, including liability relating to data processors. It was confirmed that insurance was in place, although claims would depend on the findings of loss adjusters, and that the existence of current policies formed part of the required control environment. Further information would be provided to the members outside of the meeting.

• Members asked if the Council could refuse a data portability request.
  • The Group Manager for Information Governance and Data Protection Officer replied that it was a qualified right, not an absolute one, and could be refused in defined circumstances. The Policy wording would be amended to reflect “right to request” rather than an unconditional right.

·         Members queried how identity was verified when a subject access request (SAR) was made verbally, particularly when documents such as driving licences were provided electronically.  ...  view the full minutes text for item 74