The Council is recommended to approve the Members’ Information and ICT Acceptable Use Policy. (Report attached, minute to follow in supplement)

The second matter requiring consideration was in relation to a request to approve the recommendation of the Standards and Constitutional Oversight Committee of 26 February 2019 that the Members’ Information and ICT Acceptable Use Policy be approved (minute 26 refers).

On a motion by Councillor Bernie Mooney, seconded by Councillor Angela Davies, it was –

Resolved (62:0) (One abstention) – That the recommendation contained within minute 26 of the Standards and Constitutional Oversight Committee, 26 February 2019, be approved.

The Head of ICT Strategy and Delivery introduced his report reminding Members that the Council was responsible for a wide variety of information, some of which was personal and sensitive. Elected Members were responsible for the personal information of Wirral citizens in their Ward/Constituency. Members and the Council had legal and moral responsibilities to ensure that the security of that information was maintained.

It was also reported that the Council maintained an Information Governance Framework which sought to protect the security of its information assets. This was a combination of policy, procedural and technical controls which together helped officers and Members to manage the risks to the confidentiality, integrity and availability of Council information.

Appended to the report at Appendix 1 was the Members’ Information and ICT Acceptable Use Policy which confirmed responsibilities as a new or existing Elected Member of Wirral Council in terms of the acceptable use of Council information and ICT facilities. As well as outlining responsibilities under the Data Protection Act it also detailed the key policy rules that must be followed to ensure the safe handling, storage and use of Council and constituents’ information.It supplemented the Members’ Code of Conduct, and replaced the existing ‘Members’ ICT Policy’ previously agreed by the Council on 19 December 2016.

The Head of ICT Strategy and Delivery informed that the Members’ ICT Policy had been updated to take account of the 1998 Data Protection Act and the 2018 Data Protection Act. A few small changes had been made in respect of the security of emails and improvements in technology.

The Committee noted that no other options had been considered because failure to adequately protect the Council or Constituents’ information would result in a compromise of its security which could have a number of negative consequences for the Council, including:

·  Financial penalties - The ICO could issue monetary penalties up to €20 million to organisations which have failed to comply with the DPA.

·  Legal ramifications – Serious breaches of the DPA could result in legal action, including prosecution.

·  Reputational damage – Data breaches were often reported in the media and consequently result in the public perception of an organisation and/or the individuals who represent them, being damaged.

·  Emotional / physical harm – The compromise of personal and sensitive data could result in harm to the individuals to whom the information related.

·  Compliance – Failure to maintain information and ICT security could result in the Council not complying with the Public Services Network (PSN) and NHS Data Security and Protection Toolkit standards. This could result in the authority being unable to deliver key services.

Members then asked a number of questions which were answered by the Head of ICT Strategy and Delivery and the Director of Governance and Assurance.  Issues raised included the following:

·  The role of the Members’ Equipment Steering Group.  It was considered that it should have had the opportunity to make recommendations on it and sign off the revised Policy.

·  The webcasting service interruption during the Extraordinary  ...  view the full minutes text for item 26