Issue - meetings
Meeting: 11/06/2024 - Cabinet (Item 16)
16 DATA PROTECTION POLICY 
PDF 423 KB
Additional documents:
- Appendix 1 - EXISTING - data_protection_policy_may_2018, item 16
PDF 76 KB
- Appendix 2 - REVISED - Data Protection Policy DRAFT, item 16
PDF 776 KB
Decision:
RECOMMENDED: That the reviewed Data Protection policy as set out at Appendix 2 of the Cabinet report be endorsed.
Reason for Decision
To ensure that the Council’s Data Protection policy is up-to-date and formally approved.
Minutes:
Click here to view the recording of this item on You Tube
The Corporate Governance Manager presented a report which explained that the existing BCKLWN Data Protection policy was overdue for review. An internal Audit review conducted in August 2023 identified that the existing policy had not been reviewed since 2018.
A light touch review had been conducted by the Deputy SIRO in 2022 but the revised policy did not go through the formal Tier 1 policy approval process.
The Information Governance Officer had since reviewed and enhanced the policy. Most of the changes were non-material and were listed in the report at 2.2. The Policy had been benchmarked against other best practice policies and Information Commissioner’s guidance.
If approved by Cabinet, the policy will be placed on the intranet and an all-staff email will inform officers and members of the updates and how to access the policy.
Under standing order 34, Councillor Kemp questioned what the Council’s data security procedures were on IT data protection. The Governance Manager explained that the majority of it came under the Council’s ICT and cyber security policies, but much of the Council’s information was held in the Microsoft cloud with their associated security which was deemed acceptable. She also explained that there were no significant breaches, and only 1 reportable occurrence to the Information Commissioner.
In response to questions, the Corporate Governance Manager explained that the Information Asset Register was a record of the information held by each department by owner, controller, and processer categories.
It was noted that the Corporate Performance Panel had supported the amended policy.
RECOMMENDED: That the reviewed Data Protection policy as set out at Appendix 2 of the Cabinet report be endorsed.
Reason for Decision
To ensure that the Council’s Data Protection policy is up-to-date and formally approved.