We share your data between services within the council so that we can keep our information on you as up-to-date as possible and so that we can improve our services to you. For example, if you tell the housing team you have moved, they will pass this information on to other parts of the council such as the council tax team. Staff can only see your data if they need it to do their job.
We use a range of organisations to either store personal information or help deliver our services to you. Where we have these arrangements there is always an agreement or contract in place to make sure that the organisation complies with data protection law.
We also share information with other key organisations so that we can provide you with consistent and joined up services. This is particularly the case with Health and Social Care organisation, for example the Black Country and West Birmingham initiative One Health and Care. Information about your health and care is recorded across NHS organisations and local authorities. When you contact organisations involved in your care as a patient or service user, information is collected about you and records maintained about the care and services that have been provided. Further information is available about One Health and Care in their Privacy Notice.
We will often complete a Data Protection Impact Assessment (DPIA) before we share personal information to make sure we protect your privacy and comply with the law.
Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to courts, including:
- if we take a child into care
- if the court orders that we provide the information
- if someone is taken into care under mental health law
We may also share your personal information when we feel there is a good reason that is more important than protecting your privacy. This does not happen often, but we may share your information:
- in order to find and stop crime and fraud, or if there are serious risks to the public, our staff or to
- other professionals
- to protect a child or
- to protect adults who are thought to be at risk, for example if they are frail, confused or cannot understand what is happening to them
For all of these reasons the risk must be serious before we can override your right to privacy.
If we are worried about your physical safety or feel we need to take action to protect you from being harmed in other ways, we will discuss this with you and, if possible, get your permission to tell others about your situation before doing so.
We may still share your information if we believe the risk to others is serious enough to do so.
There may also be rare occasions when the risk to others is so great that we need to share information straight away.
If this is the case, we will make sure that we record what information we share and our reasons for doing so. We will let you know what we have done and why, if we think it is safe to do so.
How do we protect your information?
We will do what we can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them. Examples of our security include:
- Encryption, meaning that information is hidden so that it cannot be read without special knowledge (such as a password). Council equipment, such as laptops, uses this so no one can access the data other than the member of staff using it.
- Pseudonymisation, meaning that we will use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours.
- Controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it.
- Training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong.
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches).
The Council has to comply with strict security controls set out by the Government, NHS Digital and the Payment Card Industry. Our security controls are regularly tested by external assessors to ensure that they are robust enough to protect your information.