Data Controller
NHS West Yorkshire Integrated Care Board
Purpose
We have a legal duty to have arrangements in place for safeguarding adults and children (children and adults at risk of abuse or neglect).
Information is used to assess and evaluate safeguarding concerns so that we can work effectively with NHS partners and other agencies to help promote the welfare of children or adults and to protect them from abuse and neglect.
The information collected by us in the event of a safeguarding situation will be as much personal information as is necessary in order to handle the situation.
Lawful basis
The ICB’s legal basis for processing this personal data under the UK GDPR is Article 6(1) e exercise of official authority.
For special category data the basis is:
Article 9(2) b – social security and social protection law.
For the purposes of Article 9(2)(b), a wide range of acts relate to safeguarding powers and duties. These include e.g. the Children Acts 1989 and 2004, the Care Act 2014, the Crime and Disorder Act 1998, the Mental Capacity Act (2005), the Sexual Offences Act 2003, the Counter-Terrorism and Security Act 2015 and the Modern Day Slavery Act 2015. This list is not exhaustive.
Type of information used
The information collected by ICB staff in the event of a safeguarding situation will be as much personal information as is necessary or possible to obtain in order to handle the situation.
Personal data: name, address, date of birth, NHS number
Special category data: ethnic origin, physical and mental health details.
Who we will share the information with (recipients)
Information may be shared with other statutory and non-statutory agencies involved in safeguarding adults and children.
This may include; Safeguarding Boards, Multi-Agency Safeguarding Hubs (MASH), Multi-Agency Risk Assessment Conference (MARAC), Local Authority, other Health and Social Care organisations or the Police.
Do we use any processors
The Health Informatics Service (THIS), our IT supplier who store all our information securely on their servers.
Microsoft Azure, supported by IT staff, host our data.
How we collect (the source) and use the information
We may receive information relating to safeguarding concerns from you directly, relatives, or through notification of concerns from other Health and Social Care organisations or from other statutory and non-statutory agencies involved in safeguarding.
All Health and Social Care professionals have a legal requirement to share information with appropriate organisations where safeguarding concerns about children or adults have been raised. Where it is appropriate to do so, the organisations will keep you informed of what information is required to be shared.
We also have powers and obligations to share information that we think other agencies may need to help safeguard children or adults. Information is used to assess risks and to develop safeguarding plans. This often needs to be done in partnership with other agencies in order to effectively safeguard and promote the welfare of children or adults.
We also use information to improve safeguarding practices by learning from the experiences of children, adults and their families. This can be in the form of statutory and non-statutory reviews, including e.g. Serious Case Reviews (Children) Safeguarding Adults Reviews, Domestic Homicide Reviews and Mental Health Homicide Reviews.
Access to this information is strictly controlled and where there is a need to share information, e.g. with police or social services, all information will be transferred safely and securely ensuring only those with a requirement to know of any concerns are appropriately informed.
How long we will keep the information
Information is kept in accordance with the Records Management Code of Practice 2021 – depending on the nature of the records held, some records will be kept for longer than the minimum retention periods within the Code of Practice.
Your Rights
With regards to Safeguarding under the UK GDPR you have the following rights:
- The right to be informed about the processing of your data (this notice)
- The right of access to the data held about you
- The right to have that information amended in the event that it is not accurate
- The right to restrict processing
- The right to object to processing
- Right not to be subjected to automated decision making and profiling
- To be notified of data breaches