The Committee considered a report from the Information Governance Officer that provided an update on developments in data protection and information security within the council since the last report of September 2020. The report covered governance successes, information assurance successes and plans for the coming six months.
The Lead Councillor with portfolio responsibility for governance hoped that the Committee would be reassured about the Council’s continuing investment of resources into data security, and the ongoing work in this area.
During the debate, the following points were raised:
· The need for regular mandatory refresher training for staff on cybersecurity to avoid complacency. It was also suggested that such training should also be provided to councillors.
· It was suggested that one method of testing the organisation’s resilience to cybersecurity threats could include sending fake phishing emails to staff to gauge the extent to which staff respond to such emails. This suggestion would be raised with the Information Assurance Officer.
The Committee
RESOLVED: That the update report be noted.
Reason:
To keep the Committee informed of progress with various data protection and information security initiatives that had taken place since the last annual report.