Issue - meetings

IT Security & AI Data Protection Overview

Meeting: 01/12/2022 - Overview and Scrutiny Commission (Item 105)

105 IT Security & AI Data Protection Overview pdf icon PDF 297 KB

Report of Councillor Jane James, Executive Member for Customer & Corporate





The Executive Member for Customer and Corporate Services, Councillor Jane James, introduced the report on IT Security & AI Data Protection. The threat of cyber attack was on the rise both with the quantity and complexity of cyber-attacks increasing every year. With this in mind it was vital that Breckland Council remained vigilant, resilient and prepared to defend the information held. It was also important to ensure that the information held was compliant with legislation and in keeping with the high level of trust placed in the Council by its residents.


The report laid out the robust approach Breckland Council had taken against cyber security which was in line with best practice and was the best possible chance to protect against cyber-attacks. It was important to state that cyber-attacks remained a constant evolving challenge and needed constant review and investment. No matter how good the technology and investment in place the Council also relied on people as part of that defence and there were regular cyber security training courses available.


Councillor Birt had reservations on the introduction of AI specifically around the Terms and Conditions of Amazon which stated that ‘Amazon processes and retains your Alexa interactions’, he felt that this would become an issue if the Council progressed to using more specific related data and suggested that this was something that the Overview & Scrutiny Commission (OSC) needed to be aware of and continually scrutinise.


Councillor Birt also stated that he originally requested this subject be brought before OSC in order to protect residents. He felt that there had been recent multiple failures of IT systems which had not been addressed in the report.


The IT & Digital Manager, Ben Meen explained that the system failures had not been mentioned in the report as they were technology failures and not security issues. He said that they had introduced as much resilience into the processes as possible and were working on a cloud solution to back up of data which was a much more effective solution of storing data safely and enabled the continual use of systems in in the event of a disaster scenario.