Safeguarding

Data Controller

NHS West Yorkshire Integrated Care Board

Purpose

We have a legal duty to have arrangements in place for safeguarding adults and children (children and adults at risk of abuse or neglect).

Information is used to assess and evaluate safeguarding concerns so that we can work effectively with NHS partners and other agencies to help promote the welfare of children or adults and to protect them from abuse and neglect.

Lawful basis

The ICB’s legal basis for processing this personal data under the UK GDPR is Article 6(1) e- processing is necessary for the performance of a task carried out in the exercise of official authority vested in the controller

For special category data the basis is:

Article 9(2) b –  processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law

For the purposes of Article 9(2)(b), a wide range of acts relate to safeguarding powers and duties. These include for example  the Children Acts 1989 and 2004, the Care Act 2014, the Crime and Disorder Act 1998, the Mental Capacity Act (2005), the Sexual Offences Act 2003, the Counter-Terrorism and Security Act 2015 and the Modern Day Slavery Act 2015. This list is not exhaustive.

Type of information used

The information collected by ICB staff in the event of a safeguarding situation will be as much personal information as is necessary or possible to obtain in order to handle the situation.

Personal data: name, address, date of birth, NHS number

Special category data: ethnic origin, physical and mental health details.

Who we will share the information with (recipients)

Information may be shared with other statutory and non-statutory agencies involved in safeguarding adults and children.

This may include: Safeguarding Boards, Multi-Agency Safeguarding Hubs (MASH), Multi-Agency Risk Assessment Conference (MARAC), Local Authority, other Health and Social Care organisations or the Police.

Do we use any processors

The Health Informatics Service (THIS), and West Yorkshire ICB Leeds IT and Leeds City Council IT Integrated Digital Service (IDS) our IT suppliers who store all our information securely on their servers.

Microsoft Azure, supported by IT staff, host our data.

How we collect (the source) and use the information

We may receive information relating to safeguarding concerns from you directly, relatives, or through notification of concerns from other Health and Social Care organisations or from other statutory and non-statutory agencies involved in safeguarding.

All Health and Social Care professionals have a legal requirement to share information with appropriate organisations where safeguarding concerns about children or adults have been raised. Where it is appropriate to do so, the organisations will keep you informed of what information is required to be shared.

We also have powers and obligations to share information that we think other agencies may need to help safeguard children or adults. Information is used to assess risks and to develop safeguarding plans. This often needs to be done in partnership with other agencies in order to effectively safeguard and promote the welfare of children or adults.

We also use information to improve safeguarding practices by learning from the experiences of children, adults and their families. This can be in the form of statutory and non-statutory reviews, including for example Serious Case Reviews (Children) Safeguarding Adults Reviews, Domestic Homicide Reviews and Mental Health Homicide Reviews.

Access to this information is strictly controlled and where there is a need to share information, e.g. with police or social services, all information will be transferred safely and securely ensuring only those with a requirement to know of any concerns are appropriately informed.

How long we will keep the information

Information is kept in accordance with the Records Management Code of Practice 2021 – depending on the nature of the records held, some records will be kept for longer than the minimum retention periods within the Code of Practice.

Your rights

Under the UK General Data Protection Regulation all individuals have certain rights in relation to the information which the ICB holds about them. Not all rights apply equally to all our processing activities as certain rights are not available depending on the lawful basis for the processing.

If you require further detail each link below will take you to the Information Commissioner’s Office website where further detail is provided in the section ‘When does the right apply’.

These rights are:

• The right to be informed about the processing of your data
• The right of access to the data held about you
• The right to have that information amended in the event that it is not accurate
• The right to have the information deleted
• The right to restrict processing
• The right to have your data transferred to another organisation (data portability)
• The right to object to processing
• Rights in relation to automated decision making and profiling

Under the NHS Constitution you have the right to privacy and to expect the NHS to keep your information confidential and secure.

If you have an enquiry in relation to your data protection rights please contact wyicb.foi@nhs.net