Issue - meetings

Data Protection and Information Security Update Report

Meeting: 06/10/2022 - Corporate Governance and Standards Committee (Item 35)

35 Data Protection and Information Security Update Report pdf icon PDF 93 KB

Additional documents:

Minutes:

The Committee considered a report from the Information Governance Officer that provided an update on developments in data protection and information security within the council since the last report of April 2022. The report covered governance successes, information assurance successes and objectives for the coming six months.

 

During the debate, the following points were made:

 

·       In response to concerns over the poor take-up of cybersecurity training and the need to ensure that those who need the training actually receive it, the Information Governance Officer commented that he had highlighted the need for the training at the Privacy and Information Group, and that, since the report had been written, a number of officers had received the training. Further emails would be sent to publicise the training.

·       It was suggested that the uptake of the training by both officers and councillors should be monitored, and the details reported to the Committee in the next report

 

The Committee

 

RESOLVED: That the update report be noted, and that the report be presented annually to the Committee in future.

 

Reason:

To ensure that the Committee is kept up to date with developments in the Council’s data protection and information security framework.

 

Action:

Officer to action:

To include in the next report details of the uptake of cybersecurity training by both officers and councillors

 

Information Governance Officer

To provide the update report annually in future.

 

 

 

Information Governance Officer/Democratic Services and Elections Manager

 

 


Meeting: 21/04/2022 - Corporate Governance and Standards Committee (Item 68)

68 Data Protection and Information Security Update Report pdf icon PDF 219 KB

Additional documents:

Minutes:

The Committee considered a report from the Information Governance Officer that provided an update on developments in data protection and information security within the council since the last report of September 2021. The report covered governance successes, information assurance successes and objectives for the coming six months.

 

Details of progress made with the objectives identified in the previous update report to the Committee in September 2021, that were not referred to in the report on the agenda were set out on the Supplementary Information Sheet.

 

During the debate, the following points were made:

 

·       A request for further, more detailed information to be provided in future reports including commentary on the Council’s performance in relation to data security – in particular whether there had been any breaches of data security and, if so, details of any such breach and measures put in place to prevent a recurrence.  It was confirmed that there had been no serious breaches of data security.

·       In response to a question as to how the Council ensures data security with staff working remotely and a suggestion that the Council should test its data security measures periodically with staff with, for example, trial phishing emails, the Information Governance Officer confirmed that during the pandemic staff were alerted on a number of occasions to data security risks whilst working from home; he also indicated that measures to test staff awareness would be considered in future.

·       It was suggested that the cybersecurity training for staff should also include councillors.

·       It was noted that the timescale for conducting external and internal security penetration tests of council-wide systems, was this year as part of the annual penetration testing.

 

The Committee

 

RESOLVED: That the update report be noted.

 

Reason:

To ensure that the Committee is kept up to date with developments in the Council’s data protection and information security framework.

 

Action:

Officer to action:

·       To provide more detailed information in future reports including commentary on the Council’s performance in relation to data security – in particular whether there had been any breaches of data security and, if so, details of any such breach and measures put in place to prevent a recurrence. 

 

·       To provide cybersecurity training for councillors.

 

 

Information Governance Officer

 

 

 

 

 

Information Governance Officer/Democratic Services and Elections Manager

 


Meeting: 23/09/2021 - Corporate Governance and Standards Committee (Item 32)

32 Data Protection and Information Security Update Report pdf icon PDF 221 KB

Additional documents:

Minutes:

The Committee considered a report from the Information Governance Officer that provided an update on developments in data protection and information security within the council since the last report of April 2021. The report covered governance successes, information assurance successes and objectives for the coming six months.

 

During the debate, the following points were made:

 

·       Whether the Council was insured against any financial penalty for a breach of the GDPR provisions.  

·       Request for progress on the objectives in the report to be set out in the next report to the Committee, together with a confidential appendix showing the risk register in respect of data protection and information security.

·       Whilst the review of the policy of redacting photographs in respect of Planning applications published on the Council’s website and replacing it with a policy of only redacting photographs that contained personally identifiable data or images was welcomed, it should not be considered as a “success”.

 

The Committee

 

RESOLVED: That the update report be noted.

 

Reason:

To ensure that the Committee is kept up to date with developments in the Council’s data protection and information security framework.