This report provides an update on the actions in progress to improve the Council’s policies, systems and processes around Information Governance.

The Committee considered a report outlining the action underway to improve the Council’s policies, systems and processes for Information Governance following several limited assurance reports in this area.

The report provided an update on: the action being taken to address the backlog of Subject Access Requests; the on-time responses to FOI requests, which stood at 45.7% in Quarter 2, down on the 73.1% recorded in Quarter 1 of 2024/25; the ongoing work to increase FOI responses within the required timescale to 90%, as expected by the Information Commissioner’s Office; data transparency; the work of the Information Governance (IG) Board; the Information Management Strategy, which set out the Council’s approach to information management and governance; and uptake of the compulsory Cyber Security training for all staff and Members, which would be followed-up to improve compliance.  In relation to the latter, data on the completion of the training by RBC employees showed 94% of IT users had completed the Cyber Security and GDPR modules. The completion of the training by BFfC staff was at 78.1% for both the Cyber Security and the GDPR module. 

The Committee noted that the poor response rate of FOIs sent out within timescale in Quarter 2 was attributed to the issues from go live with the new system, as explained in the report. The system issues that had been experienced, leading to this dip in performance, could not have been picked up during system testing.  Since corrections had been made to the system and reports had been put in place, Quarter 3 data showed considerable improvement with 77.8% in October and 78.8% in November of responses going out in time.  However, the Committee noted that on time responses from BFfC remained disappointingly low at 63.2% and requested that an appropriate BFfC officer should attend the next meeting to explain the reasons for this persistent poor performance.

Ade Marques, who had been recently appointed as the Assistant Director IT & Digital, attended the meeting and provided an update on the cyber security programme, which consisted of the following areas of focus: User Education & Management; Pro-active Monitoring and Remediation; and Security Projects with the aim of achieving Cyber Assessment Framework accreditation.

The report stated that the current focus would be on: continuing the work with the two groups of Data Stewards; and training and user acceptance training on the redaction software.

Resolved:     

(1)        That the progress being made to improve the Council’s Information Governance be noted and the future actions outlined in the report be endorsed;

(2)        That the Assistant Director of Legal & Democratic Services be asked to invite an appropriate officer from Brighter Futures for Children to attend the Committee to explain the issues they were experiencing that had prevented responses being made to FOIs in a timely manner;

(3)        That updates on the cyber security programme be included regularly in future Information Governance Update reports.