Data Collection, Data Sharing and Purpose Specification Data Controller: Dudley Metropolitan Borough Council Dudley Council’s Risk and Insurance Team (Financial Services) collects personal information only if you make or are party to a civil liability claim against the Council. It will be necessary to investigate the claim to establish the Council’s position on liability i.e. to pay or not to pay your claim.
Your personal information is used by the Risk and Insurance Team to process your civil claim. In order to carry out this function, we rely on the Local Government Act 1972, Sections 222 and 223 which set out the power of local authorities to prosecute, defend and appear in legal proceedings.
To enable an assessment to be made of your claim application, the Risk and Insurance Team will collect and process a range of information about you. This includes but is not limited to:
- Name, address, National Insurance Number, telephone numbers, email addresses
- Wage/salary/Pension/Benefits Information
- Employers/employment records
Depending on the nature of your claim and the stage to which it progresses, it may be necessary to gather certain information known as Special Category Data. This will principally include, although not limited to, information such as:
- Health records: GP, hospital and occupational
The General Data Protection Regulation Article 9(g) provides for the processing of special category data where it is in the substantial public interest to do so and is authorised by domestic law. The Data Protection Act 2018 (DPA 2018) specifically identifies that processing insurance claims is in the substantial public interest and provides a basis for processing this information under Schedule 1, Part 2 paragraph 20 of the DPA 2018.
Your personal information is used as part of investigating your claim. We will also use your data in order to ensure that the Council complies with the law and other regulatory requirements. For example, the Council must advise the Department of Work and Pensions of all Personal Injury claims it receives and provide data to assist with prevention and detection of fraud to certain government departments.
All personal information is securely stored within a database which is password controlled and also subject to wider, additional controls operated by Council ICT systems. Where necessary and appropriate, we will share your information with other organisations, these include but are not limited to:
- Insurers
- Solicitors
- Claims handling agents
- Department of Work and Pensions
- Internal departments of the Council
- Government departments remitted to investigate, prevent and control fraud
If/where information is passed on to others, it will be sent securely/confidentially via email or if necessary via the postal system via Special/recorded delivery. The Council's full Privacy and Disclaimer Statement can be accessed on the Council's website at this link: information.governance@dudley.gov.ukhttp://www.dudley.gov.uk/privacy-disclaimer-statement/
For purposes of statistical analysis, obligations to the Council’s insurers and some other financial requirements, core data (basic claim record) will be held indefinitely and securely stored, we are allowed to do this because of its status as a ‘legal claim’ . Discrete records held within the basic file such as medical reports, wage/salary details, occupational health records and any other documents particular to individuals will be reviewed on a rolling basis and subject to the status of the claim and Statutory Limitation periods, will be deleted after 6 years.