Under the Data Protection Act, the Council has a legal duty to protect any information collected from you. Information can be held in manual files or on computer and it is used to deliver Council services. Only the minimum appropriate personal data is requested and held, and it is only kept as long as required for the purpose. We will not pass personal information to other companies or individuals unless we are required to so by law. The Council has approved a Data Protection Policy, which defines this duty in more detail.
We are required by The Data Protection Act 1998 to notify the Information Commissioner of what we are doing with personal data. The Council has registered the data we process with the Information Commissioner.
The Data Protection register shows what an organisation or individual is registered to do. It will not state whether or not an organisation holds personal information on a particular person.
If you would like a copy of the register please contact the Information Commissioner.
You can obtain paper copies of individual register entries from the Office of the Information Commissioner free of charge. A small fee is payable for certified copies.
Any information you give to us will be held securely and in accordance with the rules on data protection. We will treat personal details as private and confidential and safeguard them. We will not disclose them to anyone unconnected with the Council unless you have consented to their release, or in certain circumstances where:
This Council is required by law to protect the public funds it administers.
It may share information provided to it with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud.
The Audit Commission appoints the auditor to audit the accounts of this Council. It is also responsible for carrying out data matching exercises.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The Audit Commission currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud.
We are required to provide particular sets of data to the Audit Commission for matching for each exercise, and these are set out in the Audit Commission's handbooks, which can be found at
www.audit-commission.gov.uk/nfi.
The use of data by the Audit Commission in a data matching exercise is carried out with statutory authority under its powers in Part 2A of the Audit Commission Act 1998. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Data matching by the Audit Commission is subject to a Code of Practice. This may be found at ( www.audit-commission.gov.uk/nfi/codeofdmp.asp)
PROCESSING OF PERSONAL DATA
What is Personal Data
Under the Data Protection Act 1998, Personal Data is defined as data that relates to a living individual who can be identified:
(a) from those data, or
(b) from those data and other information which is in the possession of, or likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual, and any indication of the intentions of the data controller or any other person in respect of the individual. (Section 1(1)).
Personal data will therefore cover basic details such as name, address, telephone number, and Date of Birth.
Sensitive Personal Data
Certain data are classified under the Act as 'sensitive personal data', for example:
- Racial or ethnic origin
- Religious or other beliefs of a similar nature
- Physical or mental health or condition
- Sexual life
- Offences (including alleged offences)
Consent is required for both types of personal data, but it must be explicitly given in the case of sensitive data. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.
Why Does the Council Need to Collect and Store Personal Data?
Simply put, in order to provide you with a service we need to collect personal data for correspondence purposes and/or detailed service provision. In any event we are committed to ensuring that the information we collect and use is 'Fit for Purpose', and does not constitute an invasion of your privacy. We may pass your personal data on to our service providers who are contracted to HARROGATE BOROUGH COUNCIL in the course of dealing with your request. Our providers are obliged to keep your details securely, and use them only to fulfil your service request. Once your service need has been satisfied or the case has been closed, they will dispose of the details in line with Council policy and procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your consent, unless we are legally required to do so.
How the Council Uses Your Information
The Council will process, that means collect, store and use the information you provide in a manner that is compatible with the Data Protection Act. We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept, but in most cases the Council will use its discretion to ensure that we do not keep records outside of our normal business requirements i.e. providing a service to you.
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Using Your Personal Data
We will use the information you provide for the following purposes:
- Regulatory, Licensing and Enforcement functions, which the Council is obliged to undertake.
- All financial transactions to and from the Council, including payments, grants and benefits. Where monies are due or outstanding the Council reserves the right to use all the available information (excluding Council Tax information) at its disposal to protect public funds.
- Where you have agreed for the purpose of consulting, informing and gauging your opinion about our products and services
- To ensure the Council meets its statutory obligations, including those related to diversity and equality of opportunity.
- To protect the public funds it administers to this end we may use the information you have provided for the prevention and detection of fraud. We may also share this information with other bodies responsible for auditing or administering public funds for these purposes
Joined Up Services Sharing Basic Details across Council Services
The Council is serious about delivering appropriate, timely and effective services it is important to us that we co-ordinate what we do for you properly. To achieve this we aim to improve our centralised customer database, so that it acts as an intelligence hub for our services. This means, for example, that the system will report any change of address to other services within the Council, so you won't have to repeat it every time you phone up the Council.
Over time we aim to ensure that we have one master record containing your basic details, together with information about the nature of your transactions. The database is not designed to provide intimate details of the services you have received - but rather to ensure that we are not asking you to repeat basic information for each service you require. It will also help us to tailor our services to meet your needs, and ensure that your requests are being dealt with, rather than simply lost in 'the system'.
You will always have the right to opt out of this that is, not provide the information. However, remember that we are only collecting it for the purpose of improving the services on offer to you. We will not use your information for third party marketing purposes, or pass it on to third parties, other than those who either process information on our behalf or because of a legal requirement.
If you would like to know more or have any concerns about how your information is being processed please contact
foi@harrogate.gov.uk
Links to Data Protection Policies