Skip to content

Information governance

Information governance is a framework that ensures that our information is managed to ensure that all legal, statutory, and best practice requirements are met.

The Information Commissioner's Office (ICO)is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It offers advice and guidance for both individuals and organisations. The ICO also has the legal power to issue monetary penalties up to £500,000 for organisations, and initiate criminal proceedings against individuals, who commit offences under the Data Protection Act 2018.

The 4 information governance principles


The availability and accessibility of non-confidential information in line with responsibilities under the Freedom of Information Act 2000 and the European Directive for Environmental Information.

Legal compliance

Ensuring that confidential information is held, obtained, recorded, used and share in line with the Data Protection Act 2018, Duty of Confidentiality, Caldicott Principles and other legal, statutory and best practice requirements.

Information security

Safeguarding the security of information assets in terms of confidentiality, availability and integrity of personal and other sensitive information in line with British, European and International Standards of practice.

Quality assurance

Improving the accuracy, validity, relevance, timeliness and completeness of data to ensure the highest quality of information.

Legal frameworks for data information management are:

  • Data Protection Act 2018
  • Freedom of Information Act 2000
  • The Environmental Information Regulation 2004
  • The Human Rights Act 1998

Information governance training

We need to maintain the trust and confidence of the public, our staff and external partners and agencies in our ability to handle their personal data sensitively.

Failures in the protection of sensitive public data could not only be damaging to our reputation but also lead to prosecutions and substantial fines.

To help people understand the importance of data security and how to treat confidential information, we offer information governance training to all staff. It's mandatory that all staff undertake this training on induction and then on an annual basis whilst they are employed by us.

To access information governance courses, go to the Derbyshire Learning Pool, log in, search the site using the keywords 'information governance' and select the relevant information governance e-learning course to complete. If you've forgotten your password, you can choose to reset it yourself from the learning pool homepage or email

For all staff who do not have internet access their line managers can run information governance briefing sessions using the training resources attached to this page, and request that the Learning Pool system is updated to reflect that staff attending the briefings have received training.