Who will own my data once I submit it?
Knowsley Metropolitan Borough Council – Community Safety Partnership
Why do you need my information?
Community Safety Partnerships were established by the Crime and Disorder Act 1998, and require statutory partners (known as responsible authorities) to work in cooperation to reduce crime and disorder within their local government area.
The Knowsley Community Safety Partnership has governance over a number of strategic, tactical and operational meetings. These particular meetings and services discuss personalised and sensitive information about individuals, families or groups. Personalised information means information from which an individual could be identified which may also include a range of sensitive information regarding the individual, their child or family member. The meetings may also share sensitive, restricted and confidential police information. Information is shared with partners named within the Information Sharing Agreement, there will be occasion to share information with partners without consent or client permission in order to protect and safeguard children or vulnerable adults from harm: or to aid in the prevention and detection of crime.
What allows you to use my information?
The main legislative powers that assist the sharing of data and information are:
- The Crime & Disorder Act 1998
- The Police & Justice Act 2006 and Crime Disorder (Overview & Scrutiny) regulations 2009
- Criminal Justice & Court Service Act 2000
- The Children Act 1989
- The Children Act 2004 (also Working Together to Safeguard Children 2015)
- ·The Care Act 2014
- ·The Mental capacity Act 2005 and Deprivation of Liberty safeguards 2007
- ·Mental Health Act 1983
- ·Preventing and Combating Violence Against Women and Domestic Violence (Ratification of Convention) Act 2017
Modern Day slavery Act 2015
Public Interest Disclosure Act 1998
Safeguarding Vulnerable Groups Act 2006 and the Protection of Freedoms Bill
UK General Data Protection Regulations (UK GDPR) Legal Basis:
Article 6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Article 9(2)(g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
Article 9(2)(h) processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of domestic law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3.
The associated conditions in UK law is provided in:
Schedule 1, Part 1, 1(1) of the Data Protection Act 2018 – employment, social security and social protection.
Schedule 1, Part 1, 2(2) of the Data Protection Act 2018 – the provision of health care or treatment and the provision of social care.
Schedule 1, Part 2, 10 of the Data Protection Act 2018 – preventing or detecting unlawful acts.
Schedule 1, Part 2, 18 of the Data Protection Act 2018 – safeguarding of children and of individuals at risk.
UK GDPR is set aside where the data being processed is not classed as personal data. For example, where data is anonymised, suitably pseudonymised or is aggregate data. In addition, Common Law Duty of Confidentiality does not apply when the data is shared in this format.
For direct patient care the Common Law Duty of Confidentiality is addressed by implied consent. “Section 251B [of the Health and Social Care Act 2012 (as amended by the Health and Social Care (Safety and Quality) Act 2015)] and implied consent under CLDC will together provide the lawful basis to share in most cases of direct care. In these cases, and any cases of direct care based on explicit consent, the national data opt-out will not apply.”
Use of personal data and what information may be shared
Personal data includes records of domestic abuse reports, antisocial behaviour reports, hate crime reports, partnership calls for service, noise nuisance reports with an antisocial behaviour angle and identified hot spots. The purpose of this processing is to reduce crime and disorder. This is a statutory duty under the Crime and Disorder Act 2014.
Processing of sensitive personal data is necessary to identify potential instances of hate crimes.
Categories of personal data and lawful basis
In order to provide this service, we may need to use some or all of the following categories of personal information:
- contact details
- address (current and previous)
- criminal convictions
- police warning flags
- all relevant police intelligence
- risk associated with person or place
Under data protection legislation, processing of this data is allowed because we have a statutory duty to reduce crime and disorder.
Categories of sensitive personal data and lawful basis
In order to provide this service, we may need to process some or all of the following categories of sensitive (special category) personal information:
- safeguarding concerns
- health data (physical, emotional and mental health)
- sexual orientation
Whilst police information (criminal allegations, proceedings or convictions) is not special category data, there are similar rules and safeguards adhered to when processing this type of data and it will therefore be treated as sensitive information.
Under data protection legislation, processing of your information is allowed because it is for reasons of substantial public interest.
Who will my information be shared with?
An information agreement is in place to share Information as needed within the legal gateways set out above, there will be occasion to share information with partners without consent or client permission in order to protect and safeguard children or vulnerable adults from harm: or to aid in the prevention and detection of crime. Information may be shared with one or more of the following organisations or services:
|Community Safety Service
|Early Help and Prevention/Family First
||The First Step
|Children’s Social Care
||The Probation Service
|Adult Social Care
|Strategic Housing & Housing Solutions
||The Ruby Project
|Youth Offending Service
||Rape and Sexual Abuse Support Service
||Other MARAC outside of Knowsley
Do I have to provide this information and what will happen if I don’t?
There will be occasion that the partners involved in the Community Safety Partnership or the strategic, tactical meetings or operational services will need to share information with partners without consent or client permission in order to protect and safeguard children or vulnerable adults from harm: or to aid in the prevention and detection of crime. Information may be shared with one or more of the following organisations or services:
How long will you keep this data for and why?
Personal information relating to referral, case management or risk assessment processes will be stored within The Liquid Logic IT Early Help System. Individual case files and risk assessment conference information will be retained by KMBC in line with the Council’s corporate data retention policy and process.
Individual Case files will be retained for 6 years, 25 years if a child is involved. Those case files that form part of a Domestic Homicide Review will be retained for 100 years.
How will my information be stored?
The Community Partnership is responsible for a series of strategic, tactical and operational meetings Information is shared, recorded and stored via the KMBC secure Early Help System within The Safer Communities RAC Workspace and the Safer Communities SCT Workspace which is restricted to; The Safe Communities Service, key partners utilising the system, those from MASH or CSC due to safeguarding purposes and all partners and agencies who form the wider Community Safety Partnership and the associated meetings.
Will this information be used to take automated decisions about me?
Information is shared with partners named within the Information Sharing Agreement, there will be occasion to share information with partners without consent or client permission in order to protect and safeguard children or vulnerable adults from harm: or to aid in the prevention and detection of crime. You will have a right to object to this happening however legal gateways will be applied if necessary.
Will my data be transferred abroad and why?
What rights do I have when It comes to my data?
You have the right under the Data Protection Act 2018 (UK General Data Protection Regulation) to request a copy of your information and to know what it is used for and how it has been shared. This is called the right of subject access.
Under the General Data Protection Regulation, you have the following rights with regards to your personal data: -
- The right to subject access – you have the right to see a copy of the personal data that the Council holds about you and find out what it is used for
- The right to rectification – you have the right to ask the council to correct or remove any inaccurate data that we hold about you
- The right to erasure (right to be forgotten) you have the right to ask the council to remove data that we hold about you
- The right to restriction – you have the right to ask for your information to be restricted (locked down) on council systems
- The right to data portability – you have the right to ask for your data to be transferred back to you or to a new provider at your request
- The right to object – you have the right to ask the council to stop using your personal data or to stop sending you marketing information, or complain about how your data is used
- The right to prevent automated decision making – you have the right to ask the council to stop using your data to make automated decisions about you or to stop profiling your behaviour. (where applicable)
To find out more about your rights under the GDPR, please visit the Information Commissioner’s website.
To request a copy of your data or ask questions about how it is used, please download a copy of our form from http://www.knowsley.gov.uk/system-pages/privacy-policy#access and send it to: -
Data Protection Officer
Or email: [email protected]
Who can I complain to if I am unhappy about how my data is used?
You can complain directly to the Council’s Data Protection Team by writing to: -
Data Protection Officer
Or email: [email protected]
You also have the right to complain to the Information Commissioner’s Office using the following details: -
The Information Commissioner's Office
Cheshire SK9 5AF
Telephone: 08456 30 60 60 or 01625 54 57 45