What are the roles and responsibilities?

What are the roles and responsibilities?

All of our users are bound by the council’s code of conduct for employees to maintain confidentiality of the information they access and must not use the information for unauthorised purposes.

• The Chief Executive has overall accountability for information governance.
• Overview & Scrutiny Committee carries out the scrutiny functions of the council, providing an overview of compliance and performance.
• The Corporate Leadership Team (CLT) consists of members who are responsible for supporting initiatives in their directorates and service areas, as well as oversight of information governance within their area.
• The Senior Risk Owner (SIRO) works alongside the DPO and manages information risk at the highest level and ensuring that processes and decision making are in line with UK GDPR and good practice.
• The Data Protection Officer (DPO) is a statutory role set out in UK GDPR and they are in place to help the council fulfil its obligations through advice and monitoring. The DPO is accountable to the CLT.
• The Information Board is chaired by the SIRO and is in place to provide overall leadership for information governance arrangements, ensuring that policies and standards covering appropriate governance is in place across the council.
• The Caldicott Guardians are senior managers and are responsible for protecting health and care data, making sure it is being used appropriately and championing confidentiality.
• Information Asset Owners (IAOs) & Information Asset Managers (IAMs) are senior or operational managers responsible for managing risks relating to the information they own, as part of the services they offer.
• The Information Management Service (IMS) provide a lead for the council on all aspects of information management including governance, security, records management, requests management, and compliance.