Information Governance and Security - Review of 2023/24
Meeting: 30/09/2024 - Audit and Governance Committee (Item 36)
36 Information Governance and Security - Review of 2023/24 
PDF 939 KB
To receive an update on the Council’s arrangements for information management, information security, and requests for information received under relevant legislation during 2023/24.
Minutes:
The committee considered the report which provided an update on arrangements for information management, information security and requests for information received under relevant legislation during 2023-24.
The committee acknowledged the increase in Freedom of Information (FOI), Environmental Information (EIR) and Individual Rights (IRR) requests received during 2023-24 and thanked staff for their efforts in managing this additional workload. The committee noted that 78% of FOI/EIR requests withheld during 2023-24 were refused as they fell under ‘other exemptions’. Most of these other exemptions related to Section 21 FOIA and Section 6(1)(b) EIR (covering information which was already publicly available). The committee were pleased that in these cases, the requester was directed to the location of the published information. It was further noted that work was ongoing to proactively publish commonly requested information to assist in reducing requests and improving customer relations. It was highlighted that, in light of the councils ongoing fiscal challenges, a further increase in requests was anticipated for 2024-25. The committee agreed that it was important to monitor this and agreed that bi-annual updates would be helpful.
It was noted that the Information Assurance and Data Management Programme (IADM) had used the Gartner’s Enterprise Information Management Maturity Assessment Tool to monitor progress and provide a self-assessment to increase the organisations maturity. At the end of the financial year 2023-24, the council had achieved a maturity rating of ‘Managed’ and were working towards achieving a rating of “highly balanced” for 2024-25. The committee noted that whilst this was a self-assessment exercise, the rating and assessment were independently validated and moderated.
The committee queried data sharing with external organisations and received assurance that private and sensitive data sharing was limited and done on a minimal basis, sharing only the data required to fulfil requests.
RESOLVED (unanimously):
That the Audit and Governance Committee
1. Note the updates provided within the report.
2. Agree to receive bi-annual updates on FOI/EIR requests.