Decision details

The Committee received a report from the Information Governance Manager regarding an annual report on performance and activity during 2017/18 on transparency issues. This included data protection; requests for information under Freedom of Information (FOI) and Environmental Information Regulations (EIR); and open data.

In response to members’ questions about system reviews (p54) the Information Governance Manager said the following:

       i.          (Reference paragraph 3.9 on p65).

a.    The decision was made to notify the Information Commissioners Office of the malware incident affecting one computer, to enable individuals to safeguard themselves from any potential risk.

b.    The Council had a tool kit to follow, which recorded decisions made and reasons for them.

c.    There was a small risk of data breach so the Information Commissioners Office was notified. The Council tried to identify which people had been affected and then contacted them. There was no noticeable impact on people eg privacy breaches. Findings were pending from the Information Commissioners Office.

     ii.          (Reference paragraph 3.38 on p72). Under GDPR, the public have a Right of Access which is equivalent to Subject Access Requests (SAR) under DPA 1998. The Council was unlikely to see a surge in requests for information. People who were disgruntled with the Council were more likely to submit information requests to the council than the general public.

Councillor Dalzell proposed an amendment to the incident type table (reference paragraph 3.7 on p64). Requested a new column be added in future setting out risk/impact information.

The Committee unanimously agreed the amendment.

Unanimously resolved to note the changes to information legislation under GDPR & Data Protection Act 2018 in May 2018.