JISCMail - DATA-PROTECTION Archives

Dear All,
Friday question territory so bear with me.

Council wants to use social care information provided by a client.

Council says “We meet our Article 6 lawful basis with 6(e) “Public Task”, and we meet our Article 9 with 9 (2) (h) (social care)”

Person says “Wait you need my consent to use this information.”**

Their argument is that anyone relying on 9 2 h must consider 9(3) “those data are processed by or under the responsibility of a professional subject to the obligation of professional secrecy” Therefore, you can only process with my consent since you are subject to a duty of secrecy which is also a duty of confidence. If you are dealing with confidential data, then you can only process with my consent.

They argue that NHS guidance says: https://www.health-ni.gov.uk/articles/common-law-duty-confidentiality
Three circumstances making disclosure of confidential information lawful are:
·        where the individual to whom the information relates has consented
·        where disclosure is necessary to safeguard the individual, or others, or is in the public interest
·        where there is a legal duty to do so, for example a court order
They argue that disclosure is the same as use in that anyone outside the team who might use, such as when social care information is shared across teams as the person moves along the care referral process from referral team to assessment team to social welfare team. Therefore, if you use my personal information without my consent then we will sue you for Misuse of Private Information.***

Now the counter argument is following.

The council is correct to collect the personal data with 6 (e) public task and not 6 (a) consent because consent and public task are mutually exclusive. You cannot rely on both since you don’t consent to a public task in that you cannot withdraw from council tax and ask the council to stop processing your council tax.

The council is also correct to rely on 9 (2) h for social care as they are delivering social care. If they were delivering safeguarding they would rely on Schedule 1 paragraph 18 http://www.legislation.gov.uk/ukpga/2018/12/schedule/1/paragraph/18/enacted

The client is incorrect to argue about consent for use because of the above. They would have a view to disclosure or sharing with another organisation since that would raise confidentiality issues.

Does this make sense?

**This is not going to work because lawful basis are mutually exclusive. You cannot use consent and public task or consent and contract for the same processing because consent cannot be truly withdrawn if you are continuing to process on the other basis.

***The client could not apply for damages under MoPI since it is within a public organisation delivering a public service. They would have a case for a breach of confidence but only to the point where they could show it was actionable.

What are your views?

Thanks

Lawrence


Lawrence Serewicz
Information and Records Manager
Transformation and Partnerships
Durham County Council
County Hall
Room 143-148 4th Floor
Durham
County Durham
DH1 5UF

Direct 03000 268 038
Switchboard 03000 26 0000

www.durham.gov.uk
Follow us on Twitter @durhamcouncil
Like us at facebook.com/durhamcouncil
Follow us on linkedin.com/company/durham-county-council
[43148 GDPR email bannerFINAL]


________________________________

Customer Notice

We have recently updated our terms and conditions for all our services, including making some important updates to our privacy notices. To find out more about how we collect, use, share and retain your personal data, visit: www.durham.gov.uk/dataprivacy<https://www.durham.gov.uk/dataprivacy>


Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

________________________________

Customer Notice

We have recently updated our terms and conditions for all our services, including making some important updates to our privacy notices. To find out more about how we collect, use, share and retain your personal data, visit: www.durham.gov.uk/dataprivacy<https://www.durham.gov.uk/dataprivacy>


Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^