Agenda item

Revision of Members' ICT Policy

Minutes:

The Head of ICT Strategy and Delivery introduced his report reminding Members that the Council was responsible for a wide variety of information, some of which was personal and sensitive. Elected Members were responsible for the personal information of Wirral citizens in their Ward/Constituency. Members and the Council had legal and moral responsibilities to ensure that the security of that information was maintained.

 

It was also reported that the Council maintained an Information Governance Framework which sought to protect the security of its information assets. This was a combination of policy, procedural and technical controls which together helped officers and Members to manage the risks to the confidentiality, integrity and availability of Council information.

 

Appended to the report at Appendix 1 was the Members’ Information and ICT Acceptable Use Policy which confirmed responsibilities as a new or existing Elected Member of Wirral Council in terms of the acceptable use of Council information and ICT facilities. As well as outlining responsibilities under the Data Protection Act it also detailed the key policy rules that must be followed to ensure the safe handling, storage and use of Council and constituents’ information.It supplemented the Members’ Code of Conduct, and replaced the existing ‘Members’ ICT Policy’ previously agreed by the Council on 19 December 2016.

 

The Head of ICT Strategy and Delivery informed that the Members’ ICT Policy had been updated to take account of the 1998 Data Protection Act and the 2018 Data Protection Act. A few small changes had been made in respect of the security of emails and improvements in technology.

 

The Committee noted that no other options had been considered because failure to adequately protect the Council or Constituents’ information would result in a compromise of its security which could have a number of negative consequences for the Council, including:

 

·  Financial penalties - The ICO could issue monetary penalties up to €20 million to organisations which have failed to comply with the DPA.

 

·  Legal ramifications – Serious breaches of the DPA could result in legal action, including prosecution.

 

·  Reputational damage – Data breaches were often reported in the media and consequently result in the public perception of an organisation and/or the individuals who represent them, being damaged.

 

·  Emotional / physical harm – The compromise of personal and sensitive data could result in harm to the individuals to whom the information related.

 

·  Compliance – Failure to maintain information and ICT security could result in the Council not complying with the Public Services Network (PSN) and NHS Data Security and Protection Toolkit standards. This could result in the authority being unable to deliver key services.

 

Members then asked a number of questions which were answered by the Head of ICT Strategy and Delivery and the Director of Governance and Assurance.  Issues raised included the following:

 

·  The role of the Members’ Equipment Steering Group.  It was considered that it should have had the opportunity to make recommendations on it and sign off the revised Policy.

·  The webcasting service interruption during the Extraordinary Council meeting held on 25 February 2019.  Members had requested that the meeting be held in the Civic Hall but there had not been sufficient time to do this in order that the meeting could be webcast.  This was disappointing as a lot of members of the public had been expected and did attend but as there was not enough room in the public gallery, had to be accommodated in Committee Rooms 1 and 2.  Regrettably, there had been a wifi problem and the signal had dropped out.  Consequently, members of the public had missed a lot of the meeting because of the interruption.  It was noted that the webcasting was provided by a private company and did not use the Council’s network.

·  The Civic Hall was not designed for Council meetings and there was no webcasting equipment in there. On special occasions with plenty of notice suitable accommodation for a Council meeting may be found e.g. Civic Hall, Floral Pavilion, other hired space but this would incur an additional cost as it would also mean hiring a private company to provide webcasting because the Council’s mobile kit did not accommodate all 66 Members.

·  The Council now owned a cinema but it could not be used for Council meetings because it only owned the freehold, not the operation or the leasehold.  It was leased to a cinema provider (Vue).  If Vue Cinemas wished to let the Council use the cinema they would hire it out to the Council.

 

It was reported that the Head of ICT Strategy and Delivery (Jeff Ashworth) was leaving the Council and that his last day at work would be 22 March 2019.  Members put on record the Committee’s thanks for the work he had done and wished him well for the future.

 

RESOLVED:

 

That the Members' Information and ICT Acceptable Use Policy be recommended to the Council for approval.

Supporting documents: