A Care Quality Commission (CQC) assessment of Southampton City Council has identified significant information governance shortcomings, including an unresolved risk arising from large volumes of paper files whose location is unknown, and a risk register that was not being used effectively to support decision-making.
Southampton City Council's adult social care function received an overall rating of "Requires Improvement" following an assessment by the Care Quality Commission (CQC) against its duties under Part 1 of the Care Act 2014. The assessment, published on 17 June 2026, identified failures across governance, safeguarding, and service delivery with its findings on information security and document management playing a significant factor in the authority’s poor rating by the CQC.
The security of physical records was not consistently effective, with an unresolved risk related to large volumes of paper files whose location was unknown, creating the potential for breaches of confidentiality, the CQC found.
The report did not specify how many files are involved, when this risk was first identified, or what steps had been taken to locate or secure the records prior to inspection. However, the description of the risk as "unresolved" strongly suggests it had been known to the authority for some time without being addressed.
Given the sensitivity of adult social care records - encompassing Care Act assessments, support plans, safeguarding information, and financial assessments - their unknown location constitutes a potential breach of the data minimisation, integrity and confidentiality, and accountability principles under Article 5 of the UK GDPR. Where personal data relating to health or social care needs is involved, the heightened protections applicable to special category data under Article 9 are also engaged.
The report also identified the failure of the authority's internal risk management arrangements. Tools in place to manage risk such as the adult social care risk register were not used effectively to support senior leaders to make decisions to manage risk.
The CQC's overall assessment of governance gave Southampton City Council a score of 1 - the lowest possible - under the "Governance, management and sustainability" quality statement.
The report also documented a wider pattern of poor information management across adult social care operations. Some Care Act assessments lacked essential details, were not shared with carers, or were difficult to understand. Some individuals reported not receiving copies of assessments or updates despite repeated requests, which left them feeling excluded from decision-making.
The CQC also noted some evidence of support plans occasionally missing or being outdated, and found that annual reviews were not consistently planned for and many were only triggered by issues raised by providers.
The CQC ascribed many of these failures to a sustained period of organisational and leadership instability. The report found that while improvements had been made to performance management data, quality assurance, and governance arrangements, the impact of these changes had not yet translated into comprehensive and effective assurance on Care Act delivery to a good standard.
Southampton City Council has accepted the overall rating, describing it as consistent with its own self-assessment. Councillor Christian Cox, Cabinet Member for Adult Social Care and Public Health, said the council had taken action since the inspection to build on and accelerate improvements already under way, including strengthening leadership, improving safeguarding, and starting to reduce waiting times for assessments, and acknowledged that support must be consistently high-quality for everyone. With the leadership of a new Executive Director, it was committed to accelerating improvement and ensuring the actions taken would deliver better outcomes for residents it said.
