Agenda item
Information Governance update and Senior Information Risk Owner (SIRO) Annual Highlight report 2025/26
- Meeting of Audit and Governance Committee, Thursday, 25th June, 2026 6.00 pm (Item 134.)
- View the background to item 134.
Purpose:
To provide the Committee with its first Information Governance & SIRO report, summarising the Council’s key actions and progress in reducing information risk and strengthening data and information management controls during the 2025/26 financial year.
Recommendations:
That the Audit and Governance Committee resolves to:
- Note the report of the Senior Information Risk Owner (SIRO) on Information Governance for the 2025/26 period
- Approve the future inclusion of the SIRO’s Annual Report within the Annual Governance Statement for reporting purposes
Minutes:
Phil Martin, Chief Executive, presented the item the purpose of which was to provide the Committee with the Information Governance & SIRO report, which summarised the Council’s key actions and progress in reducing information risk and strengthening data and information management controls during the 2025/26 financial year.
In his presentation the Chief Executive made the following points:
- The report was the first of its kind presented to the Committee. It was considered best practice for the report to be brought annually to Committee.
- The key areas for managing information and risk were outlined in section 2.2 of the report and were aligned with the Committee’s responsibilities to ensure that the Council’s control framework remained robust.
- The report was a backward-looking document which had highlighted actions, plans, opportunities and challenges related to information risk and governance for the 2025/26 year.
- There had been good progress in the past year in response times to subject access requests, freedom of information requests and limiting information risk.
- The report showed that there was an upward curve over the last three years in subject access requests.
- The Council itself had 22 subject access requests and 14 data breaches. These numbers were considered relatively low in comparison to partner councils.
- Section 3.6 gave information related to freedom of information requests. In quarter one of 25/26, information management targets had been hit in relation to these, despite request volume increasing. This was due to increased resources and improved processes that had ensured increased efficiency.
In the discussion the following points were raised:
- Clarification was sought on the meaning of the star in the table at 3.2 of the report adjacent to “requests open/on hold”. The Chief Executive advised that clarification would be sent on this matter.
- Regarding automated decision making, further elaboration on the advantages and disadvantages of its use was requested. The Chief Executive responded by affirming the mindful approach that the Council was taking in this area. He noted that automation could improve the ease of subject access and freedom of information requests.
- Further information was requested on the Council’s Cyber Security Team, and the omission of cyber security from the list of key areas of focus was queried. The Chief Executive responded by detailing the expertise, training and investment in the Council's Cyber Security Team. It was also noted that access to resources from partner councils had put the Council in a strong position. The Chief Executive advised that cyber security could be included in key focus areas in future.
- It was suggested that it would be useful to show the time limit data for subject access requests referred to in section 2.1 of the report, in a similar manner to the freedom of information requests data at 3.6. The Chief Executive assured the Chair that the requests included were made in the relevant time frame and agreed that the data could be presented in this way in the future.
Councillor Elizabeth Poskitt proposed the recommendations of the report. This proposal was seconded by Councillor Sandra Simpson. This was voted on and unanimously agreed.
That the Audit and Governance Committee resolved to:
1. Note the report of the Senior Information Risk Owner (SIRO) on Information Governance for the 2025/26 period
2. Approve the future inclusion of the SIRO’s Annual Report within the Annual Governance Statement for reporting purposes
Supporting documents:
-
SIRO Covering report June 2026, item 134.
PDF 70 KB -
SIRO Report Annex - June 2026, item 134.
PDF 581 KB