All staff and Members of local authorities are obliged to comply with the Data Protection Act 1998 (the Act) which required individuals personal data we hold to be processed securely.  Breaches of the Act can result in serious financial and reputational harm to both the Council and to those whose information we hold.  The Information Commissioner had the power to issue penalties up to £0.5m in such cases.  To effectively manage these risks, the Council had engaged a locum information governance lawyer to review the Council’s compliance with the Act.  A key aspect of the ongoing work was to be ensure relevant policies exist and that these were current and effective in helping to manage business risk.  These policies were presented for Members’ consideration and approval.    

Cllr Mrs McKinlay MOVED and Cllr Kerslake SECONDED the recommendations within the report and following a discussion a vote taken on a show of hands it was

RESOLVED UNANIMOUSLY that  

1.    The proposed six policies appended to the report be approved by Members. 

2.    Delegated authority be granted to the Senior Information Risk Officer (currently the s151 Officer) acting in consultation with senior officers, the Chair of the Policy, Projects and Resources  Committee and Monitoring Officer to make any minor adjustments or in respect of any changes in law as necessary. 

Reason for recommendations

To assist in achieving effective compliance with the requirements of the Data Protection Act, so enabling the Council to keep related business risk to a minimum.