Who do we share personal data with?
We sometimes need to share information with the individuals we process information about and other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Bill. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- courts, prisons
- courts and tribunals
- credit reference agencies
- current past and prospective employers and examining bodies
- customs and excise
- data processors
- debt collection and tracing agencies
- disclosure and barring service
- educators and examining bodies
- family, associates or representatives of the person whose personal data we are processing
- financial organisations
- healthcare professionals
- healthcare, social and welfare organisations
- housing associations and landlords
- international law enforcement agencies and bodies
- law enforcement and prosecuting authorities
- legal representatives
- licensing authorities
- local and central government
- ombudsman and regulatory authorities
- partner agencies, approved organisations and individuals working with the police
- police complaints authority
- police forces, non-home office police forces
- political organisations
- press and the media
- private investigators
- professional advisers and consultants
- professional bodies
- providers of goods and services
- regulatory bodies
- religious organisations
- security companies
- service providers
- students and pupils including their relatives, guardians, carers or representatives
- survey and research organisations
- trade unions
- voluntary and charitable organisations
London Counter Fraud Hub
Ealing Council has a duty to protect the public funds it administers, and accordingly may use the information you have provided for the prevention and detection of fraud.
As part of the council's fraud prevention and detection activities the Council participates in the London counter-fraud hub. The hub is run by CIPFA on behalf of a number of London boroughs. As a participant in the hub, Ealing Council will share your details with the hub in order to protect against fraud. Your details will be checked in the counter-fraud hub to ensure the information that you have provided is accurate and to identify any suspected fraudulent claims. If fraud is suspected your information may be shared with other London Boroughs that are identified as being affected by the suspected fraud.
The council may also share this information with law enforcement agencies and other bodies responsible for auditing or administering public funds for these purposes.
National Fraud Initiative
As part of the council's fraud prevention and detection activities, the council participates in the National Fraud Initiative (NFI). The data matching exercise is run by the Cabinet Office.
Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body to see how far they match. The data is usually personal information. The data matching allows potentially fraudulent claims and payments to be identified. Where a match is found it may indicate that there is an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.
The processing of data in a data matching exercise is carried out Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under data protection legislation or the GDPR.
All bodies participating in the Cabinet Office’s data matching exercises receive a report of matches that they should investigate, so as to detect instances of fraud, overpayments or underpayments and other errors, to take remedial action and update their records accordingly.
Use of health data
Ealing Council is a data controller for the purposes of the General Data Protection Regulation/ Data Protection Act 2018. The public health team at Ealing Council also has a legal status allowing the processing of personal confidential data for certain public health purposes. The use of such data will be restricted so that the principles contained in the act are fully adhered to. The legal basis is section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
To deliver public health, Ealing Council use available health data sources to get relevant health and social care information. This data can contain person identifiable data such as name, address, age, sex, ethnicity, disease, use of hospital services and/or NHS Number. Some data may not be obviously identifiable. However, it may be possible to deduce individuals’ identities through combinations of information.
Ealing Council will have access to the following data:
- Primary care mortality database
- holds mortality data provided at the registration of death, GP details, geographical indexing and coroner details (if relevant)
- Births and vital statistics
- data about births includes date of birth, sex, birthweight, address, postcode, place of birth and age of mother
- vital statistics give aggregated cause of death tables broken down by age, sex and area
- Hospital episode statistics
- contains details of inpatient admissions, outpatient appointments and A&E attendances at NHS hospitals in England.
Ealing Council's public health service will access health and related information to analyse the health needs and outcomes of the local population and for monitoring trends and patterns of diseases and the associated risk factors.
The public health team is committed to using pseudonymised or anonymised information as much as is practical, and in many cases this will be the default position. Pseudonymisation is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field. The purpose is to render the data record less identifying and therefore lower customer or patient objections to its use. Anonymisation is the process of removing identifying particulars or details from something (such as medical test results) for statistical or other purposes.
All information accessed, processed and stored by public health staff will be used to measure the health, mortality or care needs of the population; for planning, evaluating and monitoring health; protecting and improving public health. It is used to carry out and support:
- health needs assessments
- health equity analysis
- commissioning and delivery of services to promote health and prevent ill health
- public health surveillance
- identifying inequalities in the way people access services
- joint strategic needs assessment
- health protection and other partnership activities
You have the right to opt out of Ealing Council receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on the specific data and what programme it relates to. For further information, please contact the public health team by email email@example.com
Credit reference agencies
For more information about how the three main credit reference agencies Callcredit, Equifax and Experian, (also called “credit reference agencies” or “CRAs”) each use and share personal data (also called ‘bureau data’) they receive about you and/or your business that is part of or derived from or used in credit activity please visit the Call Credit website.