The Strategic Lead for Information Management presented the report which outlined the performance and statistics for Freedom of Information and Data Protection for the year 2016/17.

Councillor Collins queried what Bilfinger Europa was, in the chart at 2.18 of the report.  It was confirmed that Bilfinger Europa was the Council’s facilities contractor.

Jason Oliver noted that the figures were rising whilst the time taken to respond was falling, which in itself served as a cost-saving exercise, and congratulated officers for their efforts.

The Chair added that in the digital age information should be more easily retrievable.  The Committee heard that the department’s main focus was to get more information online, as there were still a number of requests refused as they exceeded the cost threshold.  Freedom of Information requests would still require old, paper records to be included. 

The Chair asked how far back data was required and how easy it was for officers to search email records by content rather than just subject matter.  The Strategic Lead for Information Management clarified that there were not many requests for records of emails relating to a specific subject, enquiries generally referred to specific service areas.  If an individual requested policy documents or information relating to costs any information held by the council would have to be found and provided.  The Information Management department was not responsible for each request; they were passed to relevant service areas.  As for how far back information should date, the Council should comply with its document retention policy and records should be deleted in-line with this policy.

Councillor Collins asked whether officers were confident the Council was on target to meet the General Data Protection Regulations (GDPR) deadline.  Members assured that the Chief Internal Auditor would audit the Council’s GDPR position and a report would be brought to the Committee.  There were 9 months until the deadline and much to be done.  While it was likely not everything would be complete the Council would have to prove there was a plan in place, the issue would be if a breach were reported the Council would need to provide an action plan with delivery dates.  The Strategic Lead for Information Management was confident that the council was making progress in GDPR.

Jason Oliver recalled that the Data Protection Bill had stipulated the age of a minor as 13, not 16.  He asked whether that would alter the situation within Children’s Services.  The Bill had been very recent and as such the data set for Children’s Services had not been fully considered yet.  

The Chair asked about the EUs right to forget policy.  The Committee was advised that a key change within the GDPR was enhanced rights of the individual, including the right to ask to be ‘forgotten’.  There were exceptions depending upon why the Council needed to retain the data, such as for legal reasons, and the right was not inherent.  Part of the GDPR action plan was information assets and the Council was revisiting the basis for processing data to ensure it was GDPR compliant.

RESOLVED:

The Standards and Audit Committee notes the performance and statistics for 2016/17 for both FOI and Data Protection.