Issue - meetings

The Committee received an update on the Council’s management and assurance in relation to data protection.  The Committee was advised that the Council’s Data Protection Officer (DPO) continued to provide advice and guidance to the Council and, through formally agreed service level agreements (SLA), to the Unity Partnership, MioCare and 56 schools (directly maintained and academies) based primarily in Oldham.  Under the same SLAs, the Information Management Team continued to provide support and expertise across the wider information governance arena for these organisations, while also delivering an Information Governance Plus model SLA with Children’s Services to drive the implementation of information governance on a variety of services/projects: this arrangement was expected to come to a natural conclusion at the end of March 2022 when the current funding stream comes to an end.

The Data Protection Board continued to meet every two months to receive progress updates and to discuss information management requirements in relation to local and wider Greater Manchester Combined Authority (GMCA) activities: the increased number of local and GMCA initiatives that use personal information required full consideration of data protection implications.  Examples of joint working and activities undertaken were provided in the submitted report.  Actions in respect of the submissions for the Council’s Public Services Network (PSN) and Data Security and Protection (DSP) annual mandatory accreditations were advised, along with details of the impact of changes to the Data Protection Act 2018 on how requests for information should be handled by the Council.

A number of data protection incidents had been recorded since the beginning of the financial year and these continued to be actively managed by the Information Security Manager.  A concern was expressed as to the number of reported instances in the Children’s Services Directorate that dealt with vulnerable children and assurance was sought that no risk resulted from these breaches.  The Committee was advised that a robust investigatory system was in place which included a risk assessment to the person whose details may have been compromised.  A particular issue was with pasting content into emails which was also reflected in Information Commissioner statistics.  Work was undertaken via Team briefs etc to alert staff to these issues.  Further matters considered in the submitted report related to the consideration of cyber-attacks, the relocation of the Council’s central records, the continuing support provided to the Council and its partners, and issues related to the UK leaving the European Union.

RESOLVED that the report be noted.