Date Monday 23 January 2012 Matters arising from the previous meeting. Restrictions? If Y please give the reason for the restriction below.

Transcription

1 Meeting Paper title Management Board Date Monday 23 January 2012 Matters arising from the previous meeting. Agenda item 3 Discussion time Purpose of paper Information and discussion 15 minutes Restrictions on public access including staff Presenter ET sponsor Restrictions? Y If Y please give the reason for the restriction below. The minutes have already been published. Christopher Graham As above Corporate Plan aim 8.3 improve our corporate governance so it becomes embedded in the ICO culture. Summary Who has been consulted? The agreed minutes of the last meeting are provided for information. The action points are provided for clearance if possible. Minutes and action points have been circulated to Executive Team members. 1

2 2

3 Management Board minutes Monday 07 November 2011 Members and other attendees present Simon Entwisle Christopher Graham Neil Masom Jane May Robert Parker Enid Rowlands David Smith Graham Smith Peter Bloomfield Jonathan Kay Director Operations Information Commissioner and Chief Executive (chair) Non-executive Director Non-executive Director Acting Director Corporate Affairs Non-executive Director Deputy Commissioner Deputy Commissioner Senior Corporate Governance Manager (secretariat) Corporate Governance Officer (secretariat) 1. Introductions and apologies 1.1. There were apologies from Vicky Blainey, Director Organisational Development, and Andrew Hind, Nonexecutive Director. 2. Declaration of interests 2.1. Jane May advised that she had been appointed an Independent Review Panel Member for the Equitable Life Payment Scheme. 3. Action points from the Management Board meeting of the 18 July The Commissioner would discuss the possible attendance of senior MOJ officials at the ICO at the next liaison meeting with the Ministry of Justice. 1

4 4. Commissioner s update 4.1. The restructuring of Executive Team responsibilities is continuing following Project Next Steps. The new post of Director of Corporate Services would be advertised soon. In addition, following on from the project, a high level budget for 2012/13 which met the tight grant in aid settlement had already been agreed by Executive Team. It would come to Management Board for discussion at the strategy day on 28 November How best the ICO could help government overcome their challenge of complying fully with information rights legislation was highlighted as a concern, especially because of the possible impact on public confidence if government miss-handled personal information. This could be discussed at the strategy day The House of Commons Justice Committee had reported following the Commissioner s recent evidence session. The Committee supported the ICO s call for commencement of the strengthened sentencing options included in the Criminal Justice and Immigration Act A case for the extension of the ICO s ability to audit certain organisations without consent was being prepared. This would cover the NHS, local government and financial services International aspects were touched upon following the recent Privacy Commissioner s conference. Action point 1: Christopher Graham to provide a note to members on the Privacy Commissioners conference. 5. Balanced scorecard 5.1. Simon Entwisle gave an overview of work on the balanced scorecard. A corporate level balanced scorecard had been developed. It was based on previous discussion at Management Board and supported by directorate level scorecards Progress was welcomed. Only the top level corporate scorecard was required by the Board, with commentary highlighting any issues arising. Links with the ICO risk register were suggested. There was also discussion about the fact that some ICO activities were difficult to measure and hence a purely metrics based approach would not work. However, there was further work arising from both the Next Steps Project and a planned internal audit, looking at what 2

5 Strategic Liaison and Policy Delivery did. Ideas as to how to better measure the impact of these departments might come out of these pieces of work The inclusion of financial information was also considered It was recognised that development of the balanced scorecard was an ongoing piece of work, and also that what was important was that it was used by management to manage. 6. Forward looking items Funding 6.1. Currently notification fee income pays for data protection work and grant in aid covers freedom of information. However, the ICO is more and more organised around regulating information rights in general and the current funding model is difficult to manage within this context. The ICO is therefore considering alternative ways of funding A range of funding options was discussed. Discussion focused on charging a flat rate information rights fee of data controllers and public authorities. This option would be looked at further, as would the possibility of some self funding It was noted that the funding model could influence the project to replace the ICO s DUIS system (used to collect notification fee income) and the choice of replacement finance system. Action point 2: Graham Smith to consider further the preferred ICO funding options and how these might work and be implemented. IT developments 6.4. Simon Entwisle reported that negotiations are ongoing for a one-year extension of the ICO s IT services contract The cost of replacing the ICO s DUIS system (the ICE project) has been defined and the project is on track. One remaining area of uncertainty is the future of government websites and any knock on effects for the ICO The replacement of the finance IT system is on hold until next year due to a lack of internal resource and funding. It is not expected to be delivered until half way through 2012/13. Even given enough funding, the lack of internal 3

6 resources meant that there would be a risk to this and other IT projects if the project was brought forward The project had been delayed several times in the past and the Audit Committee and NAO had previously expressed concerns. It was suggested that the Audit Committee may want to consider the matter further. Action point 3: Audit Committee to consider whether further discussion is needed on the delay to the finance IT system replacement. Management Board strategy day 6.8. The strategy day will be held on 28 November, and would start at Briefing will include a report on the technical horizon, a presentation on the annual track survey, the results of the staff survey, and a high level budget and simplified (combined) corporate and business plan. 7. Information Rights Strategy 7.1. David Smith introduced the revised draft Information Rights Strategy. The draft strategy had been updated following public consultation and feedback from the Information Rights Committee The Board noted the comments from the consultation exercise, and agreed on the need to embed the strategy into the ICO s work and to communicate it well. Options for a public launch would need to be explored. Action point 4: David Smith to consider how best to launch the Strategy. 8. Risk Management 8.1. Management Board considered the risk register. It was agreed that some of the risks should be tolerated as there was little more the ICO could do in mitigation. The risks would remain on the management summary page and could be considered again if need be. 9. Finances 9.1. The September expenditure report was presented for information. Expenditure was on track to meet anticipated 4

7 outturn. Changes to pension legislation in respect of autoenrolment in the ICO s pension scheme had been noted The Board agreed to the extension of the current payroll contract for 2012/ Issues reports Operations The last quarter has seen increased receipts and closures for both data protection and freedom of information cases. Complaints about local government s handling of freedom of information requests have increased relative to those about central government The ICO had received a large number of complaints about Spam texts. An online questionnaire, completed by just under 1,000 people, had been used to get information about Spam texts they had received. The ICO is considering taking action against some of the organisations involved and is also looking at how to educate people better on what to do when they receive Spam texts. Information Rights The ICO will be giving evidence to the Leveson Inquiry. Lord Justice Leveson is examining the culture, practices and ethics of the press and looking at whether media selfregulation works A tender has been let for the first stage of a project to examine how best to embed information rights into the education system The European Commission intend to publish the draft text of a new data protection legal instrument at the end of January. The ICO is planning to explore any possible changes to the law relating to data protection and will look at how the instrument might work in practice There is much information tribunal activity. Freedom of information appeals are now, in the main, being made by the complainant rather than the public authority. Corporate Affairs The Knowledge Management Strategy will be signed off in December. In addition the staff survey has now ended and results will be reported on shortly. Also a stakeholder perception research project will be taking place soon. 5

8 10.8. Two films are planned. One will provide general data protection training for data controllers and their staff, and the other will update the ICO s existing DVD on blagging. Organisational Development The Board noted the Organisational Development report. 11. Executive Team meetings The Board noted the minutes of ET meetings held since the last Management Board. 12. Management Board self assessment Peter Bloomfield introduced a paper reporting the results of the self assessment questionnaire. There was discussion about the need to have continuity in the Board when the Commissioner s tenure was up. Action point 5: Christopher Graham to confirm the timetable for extension or otherwise of non-executive director positions and to consider how these relate to the change in Commissioner. 13. Audit Committee report There were no comments arising from the minutes of the last Audit Committee. 14. Any other urgent business The Board commended the update that members had received prior to the meeting on the Protection of Freedoms Bill, and asked that such opportunities be sought before other Board meetings. These would address strategic issues and the ICO s perspective on them. v4 2 December

9 Management Board action point follow up sheet Date/ Issue ref no Monday 18 July Christopher Graham to invite senior MOJ officials to the ICO, possibly to present to a Management Board meeting. Action Outstanding Monday 7 November Christopher Graham to provide a note to members of the Board on the recent Privacy Commissioner s Conference. 2 Graham Smith to consider further the preferred ICO funding options and how these might work and be implemented. 3 Audit Committee to consider whether further discussion is needed on the delay to the finance IT system replacement. 4 David Smith to consider how best to launch the Information Rights Strategy. 5 Christopher Graham to confirm the timetable for extension or otherwise of non-executive director positions and to consider how these relate to the change in Commissioner. Completed circulated 18 November. Ongoing Completed Audit Committee discussed the matter on 5 December. Completed the Strategy was launched over the Christmas period. Completed dates of contract ends and extension periods considered in respect of the Commissioner s term. 1

10 2