Somerset County Council (SCC) complies with the Data Protection Act 1998 and is registered as a ‘data controller’.
Our Data Protection Notification (registration number Z5957592) includes information about the types of personal data we process, what we use it for, and who we share it with.
How your personal data is collected, used and shared
Personal Data: This typically includes your name, gender, date of birth and contact details. We collect and use your personal data to provide, and improve, our public services to you, and to ensure we meet our statutory obligations. Your personal data may be collected on a paper or online form, by telephone, email, or by a member of our staff, or one of our partners.
Sensitive Personal Data: This typically includes health and social care data and potentially your NHS number. This is required for statutory services, such as education and social care, protection of vulnerable children and adults, and the support of public health and wellbeing, and may involve collecting, using and sharing Sensitive Personal Data as defined by the Data Protection Act 1998.
Whenever we request personal data from you, you should be told about who is collecting the data, the specific purposes it will be used for, and who it may be disclosed to
Types of Data and how they may be shared
The types of data that are typically shared to provide joined up services include your name, contact details, date of birth, gender and NHS number.
We only share sensitive personal data in limited circumstances: where we are required to do so by law or where it is necessary to fulfil our statutory obligations. This includes providing a range of public sector services for your health and social care, and the safeguarding of vulnerable children and adults.
The sharing of personal data will include the linking of data sets held by SCC, the NHS and other public sector partners to comply with our statutory duties and to provide joined up services.
Your personal information may be shared with external service providers, acting on our behalf, in order to provide the public services you have requested from us. We undertake to share only information which is relevant and necessary for the provision of the relevant service. People we share your information with are obliged to keep your details securely, and use them only to fulfil your request.
We do not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent.
Use of your NHS number in social care
If you are receiving support from social care then the NHS may share your NHS number with social care. This is so that the NHS and adult social care are using the same number to identify you whilst providing your care. By using the same number the NHS and social care can work together more closely to improve your care and support.
Your NHS number is accessed through an NHS service called the Personal Demographic Service (PDS). Adult social care sends basic information, such as your name, address and date of birth to the PDS to find your NHS number. Once retrieved from the PDS, the NHS number is stored in the Council’s adult social care case management system.
The data retained in the social care systems is maintained in line with the Council’s record retention policies. These policies are in accordance with the Data Protection Act 1998, Government record retention regulations and best practice. For further information please contact firstname.lastname@example.org. In terms of the Data Protection Act 1998, the Council is both the Data Controller and the Data Processor.
The NHS number then has two uses, the first being a unique identifier to allow social care information to be displayed in the Council’s social care case management systems, for the provision of direct care. We will also use this number in an integrated care record system across a number of support services, including GPs, hospitals, community matrons, district nurses and social care practitioners.
The Council will share information only to provide health and social care professionals directly involved in your care access to the most up-to-date information about you. It will do this by sharing appropriate information between health and social care services at the time of patient contact. Access to information is strictly controlled, based on the role of the professional. For example, social workers will only have access to information that is relevant to the execution of their care duties.
The Council’s IT security and confidentiality policies ensure that your information is protected, and available only to staff directly involved in your care. If you wish to see a copy of these policies please contact the Information Governance Team at email@example.com
The use of joined up information across health and social care brings many benefits. Examples of this are continuing care supplied by social care when patients are discharged into the community to be cared for at home, and where children receive joined up services for the provision of services for special educational needs and disability.
The addition of the NHS number to social care data will bring additional benefits, including better co-ordinated and safer care across health and social care, enabled through the sharing of real-time information, the planning and co-ordinating health and social care services, and less paperwork and more efficient use of health and social care resources.
You have the right to object to the processing of your NHS number in this way. This will not stop you receiving care, but will result in the benefits outlined above not being realised. To help you decide, we will discuss with you how this may affect our ability to provide you with care, and any other options you have. If you wish to opt-out from the use of your NHS number for social care purposes, please contact firstname.lastname@example.org
Anonymised and pseudonymised data
Your personal data may be aggregated with others and anonymised to create statistics that will be used to plan and commission services. No one who accesses this data will be able to see from whom the data originated, nor be able to trace it back to you. However, we may also collect statistical health data from the NHS which they have pseudonymised by using sophisticated encoding techniques. This data could be traced back to you, but only by persons within the NHS who are authorised to access the “key” to decode such data.
Public Health: Information is shared by the NHS to facilitate the provision of Public Health services under Section 42(4) of the SRSA (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
The Security of your data
SCC and its partners endeavour at all times to keep your personal data secure by storing it in secure servers both on-site and in Government accredited cloud storage. SCC endeavours to send all personal data to and from partners using encrypted email services.
Retention of your personal data
SCC will only retain and store your data for as long as it is needed for the purpose for which it was collected, or as required by the law, or as dictated by best practice as recommended by the Information and Records Management Society (IRMS).
The use of your personal data by the Joint Customer Call Centre
Somerset County Council and Taunton Deane Borough Council have a shared call centre. Your data may be collected by either an SCC or a TDBC employee, the call is then sent to the relevant service to be dealt with.
Further details on how the call centre processes your data
Prevention of Fraud
We must protect public funds and may use personal information and data-matching techniques to detect and prevent fraud, and ensure public money is targeted and spent in the most appropriate and cost-effective way. To achieve this, information may be shared with other bodies responsible for auditing or administering public funds including the Audit Commission, the Department for Work and Pensions, other local authorities, HM Revenue and Customs, and the Police. For more information see: The National Fraud Initiative.
We may also use personal information to identify and assist individuals: whose vital interests are threatened, and /or who need additional support during emergencies or major incidents, for example emergency evacuation.
We reserve the right to monitor and record electronic communications (website, email and phone conversations). There are a number of reasons why we may do this; staff training, records of conversations or detection, investigation and prevention of crime. We will inform you if your call is being recorded or monitored.
Any email sent to us, including any attachments, may be monitored for reasons of security and making sure they comply with our information governance policy. You have a responsibility to make sure any email you send to us is within the bounds of the law. Emails that we send to you or you send to us may be retained as a record of contact and your email address stored for future use in accordance with our record retention schedule.
CCTV: We have installed CCTV systems in some of our public premises for public and staff safety, crime prevention and crime detection. In all locations, signs are displayed notifying you that CCTV is in operation and providing details of who to contact for more information about the scheme. We will only disclose CCTV images to others for the purposes stated above.
Your information rights:
You have a right to see the information we hold about you. More information on accessing your personal data .
If you find that we hold information about you that is not accurate you may have the right to have this corrected. To correct inaccurate information held about you please contact us.
There may be circumstances in which you can “opt-out” of your personal data being used for data sharing. To “opt-out” of information sharing, please contact us. Please note your request will not affect our statutory duties to share your information in circumstances where we are legally obliged to do so.
You also have a right to make a complaint if you believe that your personal data has been shared inappropriately. More information about how to make a complaint is available on our customer feedback page.
For more information from Somerset County Council please contact:
The Information Governance Team, Somerset County Council, County Hall, Taunton, TA1 4DY. email@example.com.
For Independent advice please contact the Information Commissioners Office (ICO)
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF - Phone: 0303 123 1113 (local rate) or 01625 545 745 - firstname.lastname@example.org