This report provides an update on the actions in progress to improve the Council’s policies, systems and processes around Information Governance.

The Committee considered a report outlining the actions in progress to improve the Council’s policies, systems and processes for Information Governance, following several limited assurance reports in this area up to Quarter 2 of 2025/26.

The report provided an update on: the action being taken to address the backlog of Subject Access Requests; the on-time responses to FOI requests, which stood at 87% in Quarter 1 and at 87.2% so far in Quarter 2.  (The report gave further details of the errors in the last report to Committee in April 2025, which had been reported on the Minutes at the meeting on 16 July 2025, explaining that the data and processes had been reviewed, and the final total on-time responses in 2024/25 had been 74%); the Data Transparency pages updates; the work of the Information Governance Board; the Information Management Strategy, whichset out the Council’s approach to information management and governance; and uptake of the compulsory Cyber Security and GDPR training for all staff and Members, which was between 26 and 37% completed as at 9 September 2025.

The report also contained further information on the cyber security programme, giving details of cyber incidents, suspicious email and security trends and upcoming security changes.

The report stated that the current focus would be on user acceptance training on the redaction software, continuing the work with the Data Stewards Network and further communications to the organisation about the importance of completing the information governance and cyber security training. 

It was noted at the meeting that it was important that Councillors maintained their cyber resilience, as they could potentially be a weak link, due to their public-facing role, and it was suggested that the cyber-resilience information shared with managers at a recent Teamtalk event could usefully be shared with members of the Committee by providing a briefing before a future Committee meeting.

Resolved:    

(1)       That the progress made to date and the planned future actions be noted;

(2)       That the Executive Director of Resources arrange for a briefing by the Assistant Director of Digital and IT for Committee members before a future Committee meeting on the cyber-resilience information shared with managers at the recent Teamtalk event.