Privacy statement

Adult Social Care

How we handle your personal information

Data protection

We keep information about the people we provide with adult social care services and advice. Personal data identifies a living person and/or includes any expression of opinion about that person.

'Sensitive personal data' might include:
  • racial or ethnic origin
  • religious or other beliefs of a similar nature
  • physical or mental health or condition
  • sexual life
  • offences (including alleged offences)
All personal data is processed in accordance with your rights under the Data Protection Act 1998. It lays down eight principles of good information handling which state that personal information should be:

  1. Processed fairly and lawfully
  2. Obtained only for specified and lawful purposes
  3. Adequate relevant and not excessive for the purpose
  4. Accurate and up to date
  5. Kept no longer than necessary
  6. Processed in accordance with the rights of the data subject
  7. Protected against unauthorised or unlawful processing, and against accidental loss or destruction
  8. Not transferred outside of the European economic area unless adequate level of protection ensured

How information is stored

We use an electronic case management system to store information about you. We may also have historical information on paper case files.

We have security measures in place to safeguard the confidentiality of your records and prevent any unlawful access to your personal data.

For example:
  • restricted access to council buildings means that only authorised staff members are able to gain entry to areas where records are kept
  • passwords on computer records mean that only case-workers with a need to know have access to your information
  • locked systems are in place for paper records
  • archived material is held in secure purpose built premises or held on secure electronic systems
  • we will make arrangements to confidentially dispose of customer information once a case is closed to us and has fallen outside of our retention period, after which it is no longer necessary to be kept by the department

Why personal records are kept

The information we hold helps us to decide the best way to help people. We need to keep this information to help plan and provide the correct services for you.

Where we do not directly provide the service, we may need to pass your personal data onto the people who provide the service. These providers are obliged to keep your details safe and secure, and use them only for social care services.

After you have finished receiving services from us, we may keep the information we hold about you if it seems likely that you might need our services again, or we are requested by law to do so. We will not keep your records for longer than is necessary.

The sort of information that is kept

When you ask for help or advice from us, we collect information about your personal and family circumstances. Other people - for example members of your family, medical professionals or support agencies - might also give information. We keep notes of meetings and conversations with you and with other people. We hold electronic records of your assessments, care and support plans, reviews and any investigations that take place.

We will ensure that your personal data is treated as confidential where appropriate, is relevant, accurate and kept up to date.

Who can see the information held about me

Only those staff involved in providing social care services can see the information – this may include social workers, care managers, occupational therapists, mental health workers, administrative staff and some colleagues from other council services. 

All our staff are required to abide by a strict code of conduct on confidentiality and information sharing. We emphasis the importance of sharing information at an early stage to ensure you get the service you require.

We may also share some information with other staff who do not work for us but are involved in providing support to you. This may include, for example, your GP or care provider.

In circumstances where the disclosure of personal data is necessary, our staff understand when, why and how to share information.

This includes:
  • asking for your consent at the outset, and recognising when consent may not be required
  • only sharing information with those who need to know in order to provide you with good quality care
  • sharing the minimum information necessary to ensure good quality care
  • sharing information for legal or contractual reasons or if in the public interest or to reduce risk of significant harm

Your rights to subject access

Under the Data Protection Act, you, as a 'data subjects', are entitled to have access within 40 days following a request to information we hold regarding your personal details. 

Under the Act you are also entitled to:
  • a description of the data being processed
  • the purposes for which it is being processed
  • a description of the recipients
  • the source of the data
  • where any decision is taken based solely on an automated process.

These are called subject access requests and must be made in writing to the corporate data management team. There are some exemptions to disclosure of information to data subjects under the terms of the Act. 
The Data Protection Act does not give third parties rights of access to personal information about individuals still living.

How to find out more

For more information about data protection, or to make subject access request contact: 

Complaints and Information Access Officer (CIAO)
Strategic Business
Royal Borough of Kingston upon Thames
Guildhall
Kingston upon Thames
KT1 1EU

If you have any questions about your care or support please contact your care management team or the social services contact centre on 020 8547 5005.