Data Collection, Data Sharing and Purpose Specification
Data Controller: Dudley Metropolitan Borough Council.
Dudley Council’s Insurance Team (Financial Services) collects personal information only if you make or are party to a civil liability claim against the Council. It will be necessary to investigate the claim to establish the Council’s position on liability i.e. to pay or not to pay your claim.
Your personal information is used by the Insurance Team to process your civil claim. In order to carry out this function, we rely on the Local Government Act 1972, Sections 222 and 223 which set out the power of local authorities to prosecute, defend and appear in legal proceedings.
To enable an assessment to be made of your claim application, the Insurance Team will collect and process a range of information about you. This includes but is not limited to:
Name, address, National Insurance Number, telephone numbers, email addresses
Wage/salary/Pension/Benefits Information
Employers/employment records
Depending on the nature of your claim and the stage to which it progresses, it may be necessary to gather certain information known as Special Category Data. This will principally include, although not limited to, information such as:
Health records: GP, hospital and occupational
The UK General Data Protection Regulation Article 9(g) provides for the processing of special category data where it is in the substantial public interest to do so and is authorised by domestic law. The Data Protection Act 2018 (DPA 2018) specifically identifies that processing insurance claims is in the substantial public interest and provides a basis for processing this information under Schedule 1, Part 2 paragraph 20 of the DPA 2018.
Your personal information is used as part of investigating your claim. We will also use your data in order to ensure that the Council complies with the law and other regulatory requirements. For example, the Council must advise the Department of Work and Pensions of all Personal Injury claims it receives and provide data to assist with prevention and detection of fraud to certain government departments.
All personal information is securely stored within a database which is password controlled and also subject to wider, additional controls operated by Council ICT systems. Where necessary and appropriate, we will share your information with other organisations, these include but are not limited to:
Insurers
Solicitors
Claims handling agents
Department of Work and Pensions
Internal departments of the Council
Government departments remitted to investigate, prevent and control fraud
If/where information is passed on to others, it will be sent securely/confidentially via email or if necessary via the postal system via Special/recorded delivery. The Council's full Privacy and Disclaimer Statement can be accessed on the Council's website at this link: Corporate Privacy Statement
For purposes of statistical analysis, obligations to the Council’s insurers and some other financial requirements, core data (basic claim record) will be held indefinitely and securely stored, we are allowed to do this because of its status as a ‘legal claim’ . Discrete records held within the basic file such as medical reports, wage/salary details, occupational health records and any other documents particular to individuals will be reviewed on a rolling basis and subject to the status of the claim and Statutory Limitation periods, will be deleted after 6 years.
