Watch Children and Families Overview and Scrutiny Committee - Thursday 15 January 2026 10.00 am
3. Information is protected
In this section
3. Information is protected
Although information security forms an important part of principle 2, information is managed, as a custodian of large volumes of personal data for GCC it was important to separate this aspect out and make it a principle in itself. Poor information management and governance practices will expose the public sector to unnecessary risk. The public have a right to expect us to keep their data safe when they are sharing it with us to interact with our services. Poor practices can result in inconsistencies and breaches which may ultimately lead to reputational damage and potential fines from the ICO. It is particularly important when considering any new technology that the risks are appropriately balanced against the opportunities and benefits they may bring.
Adversely poor information management can also result in an overly risk averse approach which will hinder reuse and necessary information sharing. The need therefore is to ensure that the policies and frameworks in place allows information to be shared and reused for legitimate purposes, whilst at the same time ensuring that information is protected so that legal obligations are met and that only those who need to have access may do so.
Putting it into practice
A framework for information risk assessment and information governance has been developed to define the approach to protecting information. In particular it is important to ensure that all staff are aware of their roles and responsibilities, in particular for those with defined roles, such as
Information Asset Owners (IAOs) and the Senior Information Risk Owner (SIRO) in the Information Governance landscape. This framework includes, but is not limited to, the following policies:
Last reviewed: