Covid-19- Privacy information relating to how the council will deal with your data during the current coronavirus crisis
This privacy notice is an addendum to our overarching Privacy Notice (below) and explains how Camden Council (as a Data Controller) will collect, use and protect personal data specifically with regard to the Covid-19 (coronavirus) Pandemic.
The council already holds data regarding residents, employees and stakeholders. You may have provided this information for a specific reason. Normally, the council would seek to inform you that the data provided would be used for a different purpose. Due to the rapidly emerging situation regarding the current pandemic this will not always be possible. If we already hold information regarding vulnerability as defined in the current guidance from the Government and Public Health England, we may share this for emergency planning purposes or to protect your vital interests by sharing with services both inside and outside the council.
The Information Commissioners Office has published its own FAQs on data handling during the pandemic.
We may in this current crisis need to ask you for personal information including sensitive personal information for example your age or if you have any underlying illnesses or are vulnerable, that you have not already supplied. This is so the council can assist and prioritise its services.
Your personal data
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller's possession or likely to come into such possession. Some of your personal data is classed as 'special category data' because it is the information that is considered to be more sensitive and therefore requires more protection. This includes your medical data.
Legal basis for processing your personal data
How we are processing your personal data will determine the legal basis for processing. The legal bases for processing by the council as a public authority will be:
1. Where disclosure is in the vital interests of yourself or another person (Article 6(1)(d) and 9(2)(c) GDPR)
2. Where it is necessary for the reasons of substantial public interest Article 9(2)(g)
3. Where it is in the interest of public health Article 9(2)(i)
Sharing your personal data
In this current pandemic we may share your information with other public authorities, emergency services, and other stakeholders as necessary and where it is proportionate to do so.
For people who contact us requesting assistance, we will ask you to share some personal data with us such as details of your circumstance, needs and requirements so we can assess how we can help you, and where to signpost or refer you for help during the crisis. Where you have asked for help we will assess what help we can provide and will share your information with council teams and voluntary and community agencies to deliver support. Most of this sharing will be done under our powers and duties as a local council and not require consent. Where we need your consent we will ask for it and you will have the option of saying no. Where the information you give us suggests there is an immediate risk to your or someone else’s life or safety, or there is a safeguarding issue the council will share this data with appropriate agencies so urgent care and interventions can be made, and consent is not required for this. If we contacted you previously to check if you needed any help during the crisis you would have been asked if you gave consent for us to contact you about non statutory support. If you consented to this we may be in touch to ask for your feedback on the service you received. This is to help us review of the effectiveness of our support. Your response will be anonymised which means we would take all personal data out so you could not be identified. This anonymised feedback may be shared with third parties who are helping us with our reviews, but no personal details within your responses will be shared with any third parties assisting us.
The council is working with the central government department DEFRA to provide a scheme whereby self-isolating people (who are not ‘shielded’) who have no support network and who are unable to access food deliveries can ask for their data to be shared with DEFRA for onward sharing with supermarkets to offer delivery slots for home delivery of food. All information shared with DEFRA will be at the person’s request and the system used by DEFRA will be secure. Please see their privacy information here.
Test & Trace Self-Isolation Support Payment Processing
The Self-Isolation Support Payment scheme provides a £500 benefit payment to individuals who are required to self-isolate under the Health Protection (Coronavirus, Restrictions) (Self-Isolation) (England) Regulations 2020, where those individuals meet the eligibility criteria for a support payment.
The resident applies to the council for a support payment, and must provide evidence of their entitlement to the benefit. This is personal and special category data. This application will generally be online, although provision is being made for telephone applications to be made.
The council can access DWP information on benefit status, and NHS data on whether an individual has tested positive and been required to isolate, to check eligibility criteria. The council will share data with HMRC and DWP on operation of the scheme. Sections 6 and 7 of the Test and Trace Support Payment Scheme: Implementation Guide for Local Authorities in England (Version 0.3 pub 7 Oct) describes the process for the eligibility checks and data sharing with PHE and DWP. Section 9 describes the data that the council will provide back to PHE on the outcome of the application. In some cases where fraud is suspected, the council will need to make fraud referrals to DWP.
Council’s lawful basis
The support payment can be considered a public task for local authorities stemming from the Housing Benefit Regulations 2006, Test & Trace Support Payment Scheme falls under the definition of ‘local welfare provision’ as well as a broader public interest in both supporting individuals on low incomes, and supporting self-isolation to reduce the spread of COVID-19. The lawful basis for our processing of benefits claim is therefore
Article 6(1) (e) public task, Article 9(2)(i) public health and Article 9(2)(g) substantial public interest
Where the council is required to provide information to DWP and HMRC, (for example as described in Appendix 2 of the Test and Trace Support Payment Scheme) this is separate processing. There is a lawful basis under normal benefit legislation (eg Housing Benefits Regulations 2000) as well as a broader public task to ensure public money is paid only to those eligible. The lawful basis for sharing data with DWP and HMRC therefore would be Article 6(1) (e) public task and Article 9(2)(g) substantial public interest.
In terms of sharing with DWP in terms of fraud, the councils has a lawful basis to share information regarding fraud under the Article 6(1) (e) public task and Article 9(2)(g) substantial public interest basis.
All sharing will be undertaken by secure means, will only be used for Covid-19 response purposes, and will only be accessed by those with a need to know to help deliver a response to the crisis.
The data protection principles will be met and security of the data is paramount.
Where possible we will anonymise this data so that you cannot be identified.
How long we keep your personal data
We will only keep your personal data for as long as is necessary for the purpose for which we are processing it, unless we have a legitimate reason for keeping it, for example, any legal requirement to keep the data for a set time period. At this stage it is not known how long data relating to the management of the pandemic will be retained. We will ensure that we follow any published guidance in this respect as it becomes available.
Where we do not need to continue to process your personal data, it will be securely destroyed.
Please visit the Information Commissioner's website for further information about data protection and coronavirus.
Lateral Flow Tests
As part of the Council’s ongoing COVID-19 response, we have introduced a booking system for people to book Lateral Flow Tests. We will collect personal data which includes your full name, email address, telephone number and details of the organisation you work for. This information is needed to book the test, manage test appointments, and record correctly who has been tested. Your employer details are needed to help us understand where people are coming from which will allow us to manage demand. This data will be kept safely for 1 year and then securely destroyed.
As a Local Authority and Data Controller, London Borough of Camden collects, holds and processes a considerable amount of information, including personal information about residents, people it provides services to, and other people. It does this to provide its services in the most effective and efficient way that it can.
The Council recognises that it has a duty to people whose information it holds to treat that information responsibly, keep it safe and secure, and process it correctly and proportionately. This privacy notice explains how we use any personal information we collect about you.
Our main contact details can be found here
If you would like general information about Data Protection, the law and good practice please visit the Information Commissioner’s website. The Information Commissioner is the Data Protection statutory governing body for England and Wales.
Who is our Data Protection Officer?
The Council’s Data Protection Officer is Andrew Maughan who is the council’s Borough Solicitor. He can be contacted at firstname.lastname@example.org
What information do we collect about you and for what purpose?
We may collect personal data about you which covers basic details such as name, address, telephone number, and date of birth. We also collect some sensitive information such as ethnicity and religious beliefs, but only where it is required to provide a service or for monitoring equality of both for customers and employees. We will always explain to you why and how this information will be used.
Specific details about the purposes and legal basis for our processing of personal data can be found in our Information Asset Register.
We process personal information to enable us to provide a range of government services to local people and businesses, and some of the most significant areas are for example its roles in education and in providing schools, providing care and support for the vulnerable and looking after and improving the environment. However this also includes:
- maintaining our own accounts and records
- supporting and managing our employees
- promoting the services we provide
- marketing our local tourism
- carrying out health and public awareness campaigns
- managing our property
- providing leisure and cultural services
- provision of education
- carrying out surveys
- administering the assessment and collection of taxes and other revenue including
- benefits and grants
- planning, licensing, registration and regulatory activities
- local fraud initiatives
- the provision of social services
- crime prevention and prosecution offenders including the use of CCTV
- corporate administration and all activities we are required to carry out as a data
- controller and public authority
- undertaking research
- the provision of all commercial services including the administration and enforcement
- of parking regulations and restrictions
- the provision of all non-commercial activities including refuse collections from
- residential properties,
- internal financial support and corporate functions
- managing archived records for historical and research reasons
- data matching under local and national fraud initiatives
- Legal Services Borough Solicitor
If you would like to know more about the Council’s functions and duties please see the Council’s website
We will process personal data for the following purposes:
- For the purpose to which you provided the information. (e.g. processing information given on a housing application form for the purpose of processing your application), and to monitor the Council’s performance in responding to your request.
- To allow the Council to be able to communicate and provide services appropriate to your needs, e.g. to be able to arrange suitable access arrangements where you have mobility difficulties
- To ensure that the Council meets its legal requirements, under a range of laws including relating to diversity and equality (see Equalities) and health and safety
- Where necessary for the Council’s Law Enforcement functions, e.g. licensing, planning enforcement, trading standards, food safety, etc. where the Council is legally obliged to undertake such processing
- Where the processing is necessary for Camden to comply with its legal obligations, e.g. the prevention and/or detection of crime, safeguarding etc (for more details see Prevention and Detection of Crime)
- To process financial transactions to and from the Council including grants, payments and benefits, or where the Council works alongside other government bodies, e.g. Department for Works and Pensions
- Where you have consented to the processing or for the purpose of a contract you have entered into with us
- Where you have agreed for the purpose of consulting, informing and assessing your opinion about our products and services
- Where necessary to protect individuals from harm or injury
- Where otherwise permitted under data protection legislation e.g. disclosure to comply with legal obligations.
Departments in Camden that have personal and sensitive information on you will only allow designated officers to access or process this information. If an external agency asks us to provide any information that is sensitive and personal to you we will only disclose it once we have your specific consent to do so or where we are legally required or legally able to do so.
Camden Council may also use your personal data, after it has been anonymised, to allow the statistical analysis of data to allow the Council to effectively target and plan the provision of services (see Collecting Information Automatically)
Our aim is to provide you with a service that does not require you to repeat basic information each time you contact Camden, which is the main point of contact between you and us.
If we wish to use your personal data for a new purpose, not in line with the purpose you originally gave it to us for, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where necessary, we will seek your prior consent to the new processing.
As part of the Council’s drive towards increasing customer satisfaction with its services we try to encourage people to contact us via Contact Camden. When you telephone Camden (particularly for the first time) you will talk to one of our Contact Camden officers. They will ask you for information which will be shared within the council in order for us to deliver services for you. Failure to provide this information might affect how we can support you in line with our responsibilities. In some cases you may also be asked to give consent to the use of the information for wider purposes. If this is the case we will explain why we want that information and what we will use it for. We will stick to what we have agreed.
For some of our services we need to collect information from you so we can contact you or to provide the service. The information that you provide will be logged on our database for future reference and this information may be accessed by other departments within the Council. This central system will record any change to your details, so that once you have told one council department you do not have to repeat this information.
When you contact the council by phone, we record your call for training, monitoring, quality assurance and compliance purposes. Our legal basis for processing is Article 6(1)(e) Public task and Article 9(2)(g) Substantial public interest under the General Data Protection Regulation. We may refer to recordings to clarify details of conversations, to monitor staff performance and to improve on customer experience and quality of service. We keep voice recordings for the current year plus 1 year and call records for the current year plus 3 years and then delete in line with our retention schedule. There may be occasions when we need to keep recordings for longer, for example when further investigation is needed into a matter you have contacted us about.
When do we share your personal data with third parties?
The Council may disclose personal data to third parties, but only where:
- it is necessary to comply with a legal obligation, or
- where permitted under data protection legislation, e.g. where the disclosure is necessary for the purposes of the prevention and/or detection of crime; or
- where it is necessary to allow a third party working for or on behalf of the Council and/or to provide services to you. The information you provide us may be shared with other Local Authorities, the Department of Work and Pensions (DWP), HMRC and the Home Office. There will be times that the information will be disclosed to our partner organisations that provide services on behalf of Camden. Once your details are no longer required they will be deleted securely. The Council will take all reasonable steps to make sure personal data we hold is kept safe. Were your information is disclosed to a third party, the Council will seek to ensure they have sufficient systems and procedures in place to keep your data safe and prevent its loss.
Where the Council seeks to disclose sensitive personal data about you, (such as medical details) to third parties, we will do so only with your prior express consent or where we are legally required or allowed to do.
If you choose to complete any of our online forms, Camden Council will not use the personal information you give us for marketing purposes without first gaining your consent. We may pass your details on to third party service providers who are contracted to Camden Council in the course of dealing with your request Eg a homecare agency. These third parties are obliged to keep your details secure, will use them only to fulfil the request and will dispose of the information at the appropriate time.
No personal information you have given us will be passed on to third parties for commercial purposes.
Our policy is that all information will be shared among officers and other agencies where the legal framework allows it, if this will help to improve the service you receive and to develop other services.
Families with complex needs
Camden Council is part of the Government’s initiative for families with complex needs. This aims to support families struggling to cope who are facing multiple challenges.
The Council will be identifying those families with the most pressing and complex needs. This will involve some sharing of information between council departments and with other organisations. Any such sharing will be done proportionately and lawfully for the purpose of identifying those families who most need this support. Sharing will be done to ensure that services are better coordinated and focused for those families.
Further information on the Government’s Trouble Families Programme can be found at on the GOV.UK website.
For further information on Camden’s work in this area, contact 020 7974 1786.
Sharing Basic Details across Council Services - Camden Residents’ Index (CRI)
Camden Council aims to provide you with efficient and timely services and to do this we need to co-ordinate our services. To achieve this, we use Camden Residents’ Index (CRI). The CRI is a system that enables the council to link together citizen records from different source systems across the Council to give a single view of the citizen, also called a Golden Record. The system generates a view of a citizen’s involvement with different services across the council.
The CRI also displays the household view, pivoted around the address. Only records that have been active within the last two years will be included. No data is actually held in CRI so any changes to the data (as well as retention policies) are applied within the source systems. There is no third party access to CRI.
Systems that feed data into CRI include: Electoral Roll, Council Tax, Housing Benefits, Adult and Children’s Social Care system, Pupil database (Schools Admissions, SEN and Inclusions system), Parking Permits, Accessible Transport (Freedom Passes), Libraries, Contact Camden, Housing, Youth Offending, Early Years and the Connexions data.
Information provided to Camden Safety Net is not displayed in the CRI (although it is used for reporting purposes behind the scenes, eg. by the Resilient Families team). Data displayed in CRI includes basic demographic data (name, address, DOB, sex, marital status, ethnicity, contact details, source system reference numbers incl. NINO, NHS number, Unique Pupil number, and some flags (eg. disability, caution flag etc). The information displayed in CRI is used for:
- safeguarding purposes (for example to alert social workers if a new adult moves into the household – a recommendation following the tragic Baby P case)
- to improve customer care (eg. seamless electoral registration)
- to detect and prevent fraud (eg. illegal subletting)
- for online verification of some services (eg. online housing account for council tenants and the renewal of Freedom Passes).
Approximately 300 staff across the council have access to CRI. Their access is tailored on a need to know basis and the majority of the system users will only access the Adults’ records. Access to children’s records is restricted to children’s services staff (the complex families teams, children missing education, safeguarding, admissions fraud etc), system administrators and audit teams. Additionally, the system has the ability to shield records such as records restricted in the source system, or staff or celebrity records.
The Homelessness Reduction Act was brought into effect throughout England on 3rd April 2018.
As part of putting this new Act into practice, Local Authorities have been asked to provide the Government with some specific data in order to help them with a study called ‘Understanding more about what causes homelessness and how well homelessness services meet peoples’ needs’.
Child protection information sharing project (CP-IS)
The child protection information sharing project is an NHS England national initiative that has been developed to improve the protection of children known to children’s social work services.
The project links the IT systems of NHS unscheduled care settings (hospital emergency departments, out of hours GPs, walk in centres, minor injuries units, paediatric wards, ambulance services and maternity units) to the IT systems used by children’s social work so that information can be shared about children subject to a child protection plan; children in care (looked after) and pregnant women whose unborn child is subject to a pre-birth child protection plan.
Only basic details of the child will be shared including name, date of birth, address and whether they are looked after or subject to a child protection or pre-birth plan. No details of why the child is subject to a child protection plan or is looked after will be provided.
Medical staff will be able to access the system to check whether a child who is being treated at their setting is on the list. Social services will receive an electronic notification every time a child on the list has their name searched.
Medical staff will then contact social services to provide details of the reason for the child being seen and whether any concerns have been identified.
CP-IS is a secure system and only authorised staff involved with the care of a child can access the information.
The CP-IS system is governed by a national information sharing protocol which provides the necessary safeguards for the handling of personal sensitive information.
The Rogue Landlord and Agent Checker
Camden Council is part of the Greater London Authority’s (GLA) Rogue Landlord and Agent Checker. All London councils have now agreed to participate in the Rogue Landlord and Agent Checker. It publicly displays information about private landlords and letting agents who have been prosecuted or fined by all London Boroughs and the London Fire Brigade.
The Checker is a two-tier database hosted by the GLA. The first tier is for general public access and gives details of landlords and letting agents with unspent criminal convictions for housing-related offences under such legislation as: Housing Act 2004, Housing Act 1985, Prevention of Damage by Pests Act 1949, Environmental Protection Act 1990, Protection from Eviction Act 1977, Fraud Act 2006.
The first tier includes information such as:
- landlord/agent name,
- part of home address: road name and first part of postcode.
- address of property associated with the offence,
- offence details, date of conviction, place of conviction(ie which court) and any sentence /fine
The second tier is for selected staff in Private Sector Housing teams at all London local authorities, to view spent and unspent convictions, cautions, and civil penalty notices (up to six years old) in addition to the information in Tier 1.
The Checker will support Camden housing officers, environmental health officers, fire brigade officers and trading standards officers in their enforcement efforts, through information sharing and increased awareness amongst renters, landlords and letting agents of the work that councils are doing locally to crack down on criminal behaviour. The processing is considered to be necessary in respect of the performance of our underlying statutory powers of enforcement and for reasons of substantial public interest.
Information on the Checker will be shared from three London Borough of Camden departments (private sector housing, trading standards and housing options) with the other London Boroughs.
The database is a secure system and only authorised senior staff can edit and add details on the database. Camden has an Information Sharing Procedure agreed with the GLA relating to the Rogue Landlord and Agent Checker.
Further information can be obtained from the GLA.
You have rights under the General Data Protection Regulations and Data Protection Act 2018 about data we hold about you. You can find more information about your rights here and on the Information Commissioner’s website.
The legal basis for processing is Consent . By visiting one of the Council’s Facebook pages, you consent to your personal information being processed. You do not need a Facebook account to visit a page which we administer.
We use Facebook ‘Insights’ which provides us with statistics and insights to our page. We do not receive personal data through the Insights tool. The information can only be seen by page administrators and helps us to understand the types of actions people take on our page and helps us to better understand page performance. Learn more about how Facebook processes your personal data for Facebook Insights.
Facebook collects Cookies, which are small files stored on a user's computer and is designed to recognise specific client and website interaction. Cookies can recognise your computer so you don't have to give the same information several times, recognise you may already have given a username and password or measure how people use the website.
The Council is under legal duties to have regard to the impact of its policies and operation upon various groups based on factors such as age, sex, ethnic origin, race, sexual orientation. Gathering and analysing statistics on these factors allows the Council to ensure it implements and designs its policies in as fair a way as it can. It regularly prepares equality impact assessments on particular polices to ensure that those policies do not unfairly impact upon any groups and it also uses them to ensure that it complies with its duty to promote relations between different groups. Such statistical data does not allow for the individual identification of any specific person and it will not impact upon any individual’s particular entitlement to services and or facilities.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary and in line with our corporate data retention schedule
Ways of communicating with us securely
We give you the option of using a secure transmission method to send us the following types of personal data:
- Primary personal data (such as name and contact details)
- Identifiers (such as credit card details, website password)
The two tools that are available to Camden Officers are Egress and CJSM. These tools will be used to securely share your personal information with you. Egress is free software and is available to use by all organisations and individuals. Further details on Egress and CJSM are available from the council by email email@example.com
All our employees and data processors with access to, and associated with the processing of, personal data are obliged to respect the confidentiality of our customers’ personal data.
We ensure that your personal data will not be disclosed to government institutions and authorities except if required or permitted by law or other regulation.
Security of your information
In deciding what personal data to collect, hold and use, the Council is committed to ensuring that it will:
- Recognise that any personal data handled by Camden is held on behalf of that person and that we ensure we respect that responsibility
- Adopt and maintain high standards in respect of the handling and use of that personal data
- Only collect, hold and use personal data where it is necessary and proportionate to do so
- Securely delete any personal data when no longer needed
- Keep your personal data secure and safe
- Not unnecessarily and without good reason, infringe the privacy of those upon behalf we hold data
- Consider and address the privacy risks first when planning to use or hold personal information in new ways, such as when introducing new systems
- Be open and transparent with individuals about how we use their information and who we give it to
- Make it easy for individuals to access and correct their personal information (see Your rights)
- Ensure that there is effective safeguards and systems in place to make sure personal information is kept securely and does not fall into the wrong hands
- Provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don’t look after personal information properly
- Put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises
- Have a robust data breach reporting procedure that effectively manages the risks and includes actions to minimise a similar breach occurring again.
- Regularly check that we are living up to our promises and report on how we are doing
Transfer of data abroad
We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
Unless subject to an exemption under data protection legislation you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which the Council holds about you
- The right to request that the Council corrects any personal data if it is found to be inaccurate or out of date
- The right to request your personal data is erased where it is no longer necessary for the Council to retain such data
- The right to withdraw your consent to the processing at any time, but only if we have relied on your consent to process your data when you supplied it to us
- The right, in certain circumstances, to request that the Council provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability). [Note: this only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case the Council processes the data by automated means]
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing
- The right, in certain circumstances, to object to the processing of personal data. [Note: this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office. See Complaints
Find out more about your rights.
Review of this statement
Camden will keep this privacy statement under regular review. If this statement changes in any way, we will place an updated version on this page and take steps to communicate any changes to you, where appropriate.