Authority Meeting 09:00 – 12:30 23 October 2020 |
Chairman Present: Jacob Kohnstamm |
Voting Members Present: Gailina Liew David Smith Clarisse Girot Paul Routier MBE Helen Hatton |
Apologies Claire Le Brun – Finance Manager |
Non - Voting Members Present: Dr Jay Fedorak – Information Commissioner |
In Attendance: Paul Vane - Deputy Information Commissioner Anne King - Communications and Operations Manager Adrian Hayes - Compliance and Enforcement Manager Sarah Moorhouse – Communications Officer [Notetaker] |
Guest Speaker No guest speaker
|
|
Item |
Action |
1.0 |
Call to order and agenda approved. |
Agenda approved. |
|
Board approved minutes; · 17 August 2020 |
Minutes approved. |
2.0 |
Board Governance, Operations and Procedures |
|
2.1
2.2
2.3
2.4
2.5
|
Committee Terms of Reference were discussed and amends agreed to clarify; · Division of duties · Committee membership and duration · Refine and accurately reflect tasks of each committee
Members discussed that there must be separation between the hiring of the Commissioner and the subsequent measurement of the incumbent’s performance. Members decided that the Governance Committee would continue to be responsible for the recruitment of the Commissioner and the Remuneration Committee would be responsible for managing the performance of the Commissioner. The Nomination Committee required a new title to properly reflect its human resources functions.
JOIC Annual Report to reflect Committees are in place. Information Commissioner Recruitment, progress update – Governance Committee Chair.
JOIC HR consultant is assisting Authority members with the process, including the candidate brief and advertising. Target to interview (remotely) shortlisted candidates before Christmas 2020.
The Governance Chair recommended the following people for the interview panel; Authority members · Jacob Kohnstamm · David Smith · Helen Hatton · Gailina Liew External representatives · Government of Jersey · Appointments Commission
Remuneration Committee The Chair of the Remuneration Committee reported that they are evaluating the salary review for the team at the JOIC. The Finance Manager initiated an independent salary review to assist committee.
The Information Commissioner’s remuneration package has been reviewed.
Audit & Risk Committee (ARC) The ARC Chair questioned if it is appropriate for JOIC/JDPA to have ISO 27001 as a benchmark recognised standard. The Committee is looking for greater clarification from the auditors during the next audit.
Governance Committee The Government of Jersey invited Jacob Kohnstamm to consider a second term. The Governance Chair reported that there was unanimous endorsement of the Chair of the Authority, Jacob Kohnstamm, to remain in post for a second term. The Authority decided not to openly recruit for the role of Authority Chair.
The Governance Committee is focused on recruiting the Information Commissioner.
|
It was agreed to rename the Nomination Committee to the Remuneration and Human Resources Committee.
Deputy Commissioner to check if Cyber Essentials is included in ISO 27001.
|
3.0 |
JDPA Disposition of Potential Fee Income. To discuss the paper submitted by the Information Commissioner regarding the JDPA income from fines.
The Authority discussed the issue of independence and potential conflicts in relation to the Authority accessing the Attorney General’s funds.
The Authority proposed a reserve fund to meet any litigation costs.
The Chair of the Authority confirmed that any fines will not be part of the budget.
|
|
4.0 |
JOIC Update |
|
4.1
4.2
4.3
4.4
4.5
4.6
4.7 |
Looking after our Authority, How are we doing? The Communications & Operations Manager presented a brief summary of the Authority survey findings. · Authority Members to set up JOIC email addresses to keep exchanges on our own server. · SharePoint training to be arranged. · Authority agenda items to be numbered. · Delivering documents to the Authority in a timely and structured manner is very important.
Business Plan Performance. Deputy Commissioner, Communications and Operations Manager and Compliance and Enforcement Manager presented the measurement model and plans in the delivery of the strategic outcomes.
Business Plan 2021. The Deputy Commissioner presented the 2021 Business Plan summary. Authority members proposed that the Plan is amended to reflect: · More stringent targets. · Collaboration with the Children’s Commissioner. · Ensure measurable feedback from the education programme. · Greater focus on GPEN. · Review the strategic outcomes if appropriate.
Performance Statistics/Case Data. The Communications and Operations Manager highlighted the key points of the Quarter 3 (2020) performance statistics.
It was noted that the majority of data breaches occurred in the financial sector. The financial services ‘Toolkit’ working groups will assist the JOIC to raise this issue.
The Authority asked if the office requires more resources to cope with the volume of cases. The Communications and Operations Manager explained the team are closing old cases and this is reflected in the current length of days to close a case.
Case Review. Compliance and Enforcement Manager presented a recent case highlighting the risks of mismatching personal data to the wrong data subject.
Proposed that the JOIC provide additional guidance for the relevant sector.
Quarter 3 Financial Performance. The Authority discussed the financial reports particularly with reference to the 2019 audit. The Authority requested budget/cost comparison for 2020 to 2021.
A legal reserve to be identified in 2021.
‘Q3 2020 Issues and Accomplishments’ the leadership team reviewed the issues in Q3 and highlight the planned activities in Q4 and where relevant 2021. The following issues were raised: · Covid-19 resilience. · Adequacy progress.
|
|
5.0 |
Other Business No other business. The meeting closed at 12:30.
|
|
6.0 |
Authority ‘In Camera’ Session The Governance Committee held a discussion in the absence of the Information Commissioner and staff. |
|