Agenda item

To approve the revised Data Protection Policy following consideration by Audit & Governance Committee in March 2023. 

8.1            Attention was drawn to the report of the Director: Corporate Resources, circulated at Pages No. 34-47, which asked Members to approve the revised Data Protection Policy.

8.2            The Director: Corporate Resources advised that the Council regularly reviewed its key policies and, having been adopted in 2018, the Data Protection Policy required revision to ensure it remained consistent with legal requirements, reflected best practice and continued to be fit for purpose.  It was noted that only minor amendments were required, as set out at Page No. 36, Paragraph 3.1 of the report.  The revised policy was attached at Appendix 1 to the report and had been endorsed by the Audit and Governance Committee at its meeting on 23 March 2023.  Members were advised it was a living document and work around data protection was ongoing.

8.3            A Member drew attention to Page No. 44, Paragraph 6.15 of the report which stated that electronic records must be removed permanently and she asked for clarification in terms of whether deleted documents could be recovered.  With regard to Page No. 45, Paragraph 6.19 of the report which stated that, in certain circumstances, the Council may charge a reasonable fee or refuse a data subject request where it was manifestly unfounded, excessive or repetitive, she asked how this was defined.  In response, the Director: Corporate Resources advised that Members would have an opportunity to raise questions about how the policy was practically applied at the Member Induction session in relation to the General Data Protection Regulation which was taking place on Monday 3 July and he stressed there would be ongoing training regarding data protection going forward.  The Head of Service: Audit and Governance advised that it was very rare to charge a fee to respond to a data request but the Council followed guidance from the Information Commissioner’s Office on what was considered reasonable.  The Member suggested that a sentence be added to the end of the paragraph to reflect that the fee would be in line with what was recommended by the Information Commissioner’s Office.  With regard to Page No. 47 of the report, the Member expressed the view that there was an urgent need for a casework system for Councillors and asked if that was something being considered.  She had contact with residents in numerous ways including various email accounts, WhatsApp, Facebook, answerphone messages and telephone calls as well as conversations in the street, and she was concerned about how to ensure data was secure.  The Director: Corporate Services indicated this could be a project for the Business Transformation Team but stressed it would need to be weighed against other priorities in terms of when it could be delivered.  Another Member felt it would be beneficial to have an annex to the policy which provided guidance for Members where things could be put more simply and kept updated without the need for whole policy change.  The Director: Corporate Services indicated that he would look to add a Frequently Asked Questions section, or something similar.

8.4            Upon being proposed and seconded, it was