This privacy notice is to be read in conjunction with the full privacy notice.
All local authorities have a duty to improve the health of the population they serve.
The public health service at the Royal Borough of Kingston upon Thames is responsible for protecting and improving the health of the population of Kingston. To do this we provide a range of services, such as those to help people make a lifestyle change e.g. smoking cessation services, weight management services and contraceptive services; provide guidance and advice to the public and professionals; and monitor and publish intelligence about local health and wellbeing needs to help the Council, NHS and other partners plan services to meet the needs of the people of Kingston.
To help with this, we use data and information from a range of sources, including the Office for National Statistics (ONS), Public Health England, NHS-England, NHS Digital, local Clinical Commissioning Groups (CCGs), GPs and hospitals to understand more about the health and care needs in Kingston and to support our public health functions. This data also includes data collected at the registration of a birth or death.
Whilst much of this information is collected at a whole population level, some of the data provided is at an individual level. This is known as Personal Identifiable Data (PID). We manage this data in the same way as NHS organisations under the same regulations as detailed below.
You have the right to:
- Opt out of having data about you being collected
- Object to your data being shared
- Request to see what data is held about you
Please see further information below for details of how to ‘Opt Out’.
The Royal Borough of Kingston upon Thames (RBK) has a legal status allowing the processing of Personal Identifiable Data for certain Public Health purposes. RBK is a data controller for the purposes of the Data Protection Act and is a registered ‘Data Controller’. The use of such data will be restricted so that the principles contained in the Data Protection Act 1998, EU General Data Protection Regulation (GDPR) and NHS Caldicott Principles are fully adhered to. The legal basis is section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.
The data collected by RBK Public Health
We may hold and collect PID where you receive services directly from the Council or from organisations that we commission on your behalf. We collect this information only where it is absolutely essential to do so.
The Public Health service at RBK will also have access to the following data from NHS Digital (previously the Health and Social Care Information Centre), which is supplied to us under a Data Sharing Agreement (DSA) and in accordance with the legal basis specified above. This data is only supplied to us by NHS Digital under strict license and data disclosure controls:
- Primary Care Mortality Database (PCMD) – The PCMD holds mortality data as provided at the time of registration of the death along with additional GP details, geographical indexing and coroner details where applicable. For more information please visit http://www.content.digital.nhs.uk/pcmdatabase.
- Births and Vital Statistics datasets - Births files include date of birth, sex, birthweight, address, postcode, place of birth, stillbirth indicators and age of the mother.
Data that is received through our Data Access Agreements with NHS Digital (Births data tables and Primary Care Mortality Dataset) will not be disclosed with a third party that is not identified in our licence agreement.
How is the information used?
All information accessed, processed and stored by RBK Public Health will be used to measure the health, mortality or care needs of the population; and for protecting and improving Public Health.
Examples of how this information is used include the production of:
- Joint Strategic Needs Assessments
- Annual Public Health Reports
- Health & Wellbeing Strategies
- Local health profiles
- Commissioning and delivery of services to promote health and prevent ill health
- Health protection and other partnership activities
- To support clinical audits, in particular suicide and childhood deaths
- To provide intelligence to aid the Council and Kingston Clinical Commissioning Group (KCCG) in its duty to protect and improve the health of the population.
All of the above will only include anonymised and/or aggregated data to a level that complies with the Office of National Statistics Disclosure Guidance and meets legal requirements.
Keeping the information secure
We are required to comply with the law on data protection to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment.
Any PID is sent or received using secure email. All data is stored electronically on encrypted equipment and is managed using the principles of medical confidentiality and data protection. The number of staff accessing and handling such data is limited to only those key professionals named on relevant signed information sharing agreements (where applicable), all of whom undertake regular training about data protection and managing personal information. An audit log of those that access the information within RBK is maintained.
PID will not be disclosed to anyone other than those stated above without permission, unless we have a legal reason to do so, for example disclosure is necessary to protect a person from suffering significant harm or necessary for crime prevention or detection purposes. However, we will need to share your personal data with third parties (for example your GP) in order to deliver our services. We will never sell your personal data to any party or use it for commercial purposes.
In relation to births and deaths, the data will only be processed by Local Authority employees in fulfilment of their Public Health function. Confidential public health data will only be shared with other areas of the NHS, local authorities or care organisations with the permission of the Caldicott Guardian, once the necessary legal basis has been established and data protection safeguards have been verified, so that the data is managed and used under the same restrictions. Anyone who receives information from RBK Public Health is also under a legal duty to keep it confidential.
We only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time
Special Categories data is being processed under Article 9(2) (a); (e); (h); (i); (j). The Guide to lawful basis for processing special category data on the Information Commissioner's Office website.
To opt out
You have the right to opt out of RBK Public Health receiving or holding your PID.
The process for opting out will depend on what the specific data is and what programme it relates to. For further information, please contact the Public Health team by email at: [email protected] or in writing to: Public Health, Royal Borough Kingston, 2nd Floor Guildhall 1, High Street, Kingston upon Thames, KT1 1EU or by phone on 020 8547 6804.
More information about how the Council uses your information is available from our website at: https://www.kingston.gov.uk/info/200175/your_council_democracy_and_elections/418/privacy_statement.
If you have concerns about the use of your personal data, the Information Commissioner’s Office is an independent body set up to uphold information rights in the UK. They can be contacted through their website: https://ico.org.uk/, through their helpline (0303 123 1113) or in writing to their head office: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.