Our Information Governance Strategy
We want information governance to play a central role in helping the Council maximise the value of its information.
Our vision
Information governance will play a central role in helping the Council maximise the value of its information and reduce associated costs and risks. This will manifest itself in multiple ways, including a reduction in the volume of outdated and useless information stored, as well as fewer data breaches. Most information will be managed in an automated way (through machine-based learning and big data techniques and technologies) to drive significant internal value from our information.
Delivering Our Priorities
Priority 1 – Championing Openness and Transparency
- we will instil an Information Governance (IG) culture in the Council through increasing awareness and providing training on the key issues
- we will ensure that clear advice is given to service users, families and carers about how their Personal Data is recorded, handled, stored and shared by the Council and its partners
- we will ensure that non-confidential information about the Council and its services is readily and easily available through a variety of media, in line with the Council’s FOI (Freedom of Information) Publication Scheme
- we will implement policies to ensure compliance with the Freedom of Information Act
- we will have clear procedures and arrangements for liaison with the press and broadcasting media
- we will have clear procedures and arrangements for handling queries from service users and the public
- we will ensure information systems hold only the information required to support service and operational management
- we will ensure that, where appropriate and subject to confidentiality constraints, information is shared with partner organisations
Priority 2 – Effective Management
- we will maintain a clear reporting structure and ensure through management action and training that all staff understand IG requirements
- we will undertake regular reviews and audits of how information is recorded, held and used
- we will develop information systems and reporting processes which support effective performance management and monitoring
- we will support corporate, financial, and governance requirements
- we will monitor and proactively manage performance targets for information requests, e.g. FOI and SARs
- we will set clear targets to tackle the shift in culture, specifically regarding communicating and educating staff on IG topics and considerations, monitoring completion of mandatory IG training, and tracking compliance. Additional targets may also be set locally by DLTs recognising that one size does not fit all. Ultimately, any measures or targets set should cascade down into Performance Review objectives
- we will undertake annual review of policies and arrangements for openness
Priority 3 – Legal Compliance
- we will ensure all practices and procedures relating to the handling and holding of Personal Data are legal and conform to best and or recommended practices
- we will regard all Personal Data relating to service users as confidential
- we will establish and maintain appropriate policing, incident reporting procedures and Management Information Systems to enable monitoring and investigations
- we will ensure all our systems are compliant with the Data Protection Principles and enable the rights of individuals
- we will establish and maintain policies to ensure compliance with the Data Protection Act, Human Rights Act, and the common law duty of confidentiality and all associated guidance
- we will promote effective confidentiality and security practice to ensure all permanent and temporary contracted staff and third-party associates of the Council, adhere to this via appropriate laid down policy procedures, training and information awareness schemes and documentation
Priority 4 – Information Security
- we will provide clear advice and guidance to staff and ensure they understand and apply the principles of Information Governance to their working practice in relation to protecting the confidentiality and security of Personal Data.
- we will ensure the safe keeping and handling of Council business information, ensuring compliance with appropriate legislation
- we will maintain an Information Security and Cyber Policy along with respective procedures for effective policing and secure management of all information assets, resources, and IT systems
- we will ensure there are robust procedures for notifying and learning from IG breaches and incidents
Priority 5 – Delivering Innovation and Value
- we will ensure that when service developments or modifications occur, a review is undertaken of all aspects of information governance arrangements to ensure they are robust and effective, including a DPIA as appropriate
- we will ensure procedures are reviewed to monitor their effectiveness so that improvements or deterioration in information handling standards can be recognised and addressed
- we will be compliant with the Data Security and Protection Toolkit (DSPT) and develop and implement action plans to ensure continued improvement
- we will regard all Personal Data as confidential except where national policy on accountability and openness requires otherwise
- we will conduct information audits throughout the organisation to improve our disposal schedule and our register of information assets
- we will establish and maintain policies for the controlled and appropriate sharing of service user information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act, Crime and Disorder Act, Protection of Children Act)
Priority 6 – Quality Assurance
- we will establish and maintain policies and procedures for information quality assurance and the effective management of records
- we will ensure that key data relating to service users is accurately recorded and maintained, including regular cross-checking against source data to ensure that managers are required to take ownership of and seek to improve the quality of information
- we will promote information quality and effective records management through policies, procedures and user manuals and training
Priority 7 – Reduction in Paper Records
- we will scrutinise and challenge all incoming paper deposits to identify workstreams that could be digitalised
- we will research historic trends for teams depositing paper records and proactively engage with them about alternative digital solutions
- we will provide advice through face-to-face, OurSpace, training, and workshops
- we will undertake a cross directorate audit of paper in the authority to establish a position statement and forward plan of areas for improvement
- we will create digital solutions to re-engineer and replace existing paper processes
- we will cease the creation of paper records unless legally required or alternative digital solutions are non-viable
- we will support Council services in digitising paper records where appropriate
- we will invest resources into reducing the disposal backlog, establishing an ongoing programme to dispose of old paper records once they reach their retention date