Adult Care Forums: Data Privacy Notice

The GDPR sets out the information that you should supply and when individuals should be informed.

The information you supply about the processing of personal data must be:

• concise, transparent, intelligible an easily accessible
• written in clear and plain language, particularly if addressed to a child
• free of charge

The identity and contact details of the company Reading Borough Council

Contact details of the Data Protection Officer (DPO): Nayana.George@reading.gov.uk

What personal data is held?

A consolidated list of people who have expressed an interest in being involved in consultations, focus groups, mystery shopping and Adult social care forums, and to receive invitation to meetings/events/various information relating to wellbeing, health etc…

We hold the following information:

• Name
• Address
• Telephone number
• Mobile number Email
• Whether the forum member identifies as: Carer / Service user / voluntary organisation / Faith group

Areas of concerns/interest

• There are a number of distributions lists held for each forum:
• Community and Faith Groups – emails
• Older People’s Working Group – emails
• Older People’s Working Group – postal addresses
• Carers Steering Group – emails and postal addresses
• Physical Disability and Sensory Needs Network – emails
• Physical Disability and Sensory Needs Network – postal addresses
• Adult Social Care User Panels – email and postal addresses

How will the data be stored?

E.G on secure encrypted laptops and systems. List any other security measures taken
to ensure security of the data.
The data is stored in a secured shared area on secure encrypted systems.
The area where the data is stored is accessed by a limited number of users.

Reading Borough Council staff working for the Wellbeing Team, part of Adult Care
and Health Services.
The secure shared area can only be accessed with a username and password. Each
system user has an individual username and password and a user profile which only
allows them to access the details they need to carry out their job.

What is the legal basis for the collection, use and storage of the data?

Describe for what purpose you need the data.

Under the Care Act, local authorities have new functions. This is to make sure that
people who live in their areas:

• receive services that prevent their care needs from becoming more serious, or delay the impact of their needs
• can get the information and advice they need to make good decisions about care and support
• have a range of provision of high quality, appropriate services to choose from

The Care Act helps to improve people’s independence and wellbeing. It makes clear that local authorities must provide or arrange services that help prevent people developing needs for care and support or delay people deteriorating such that they would need ongoing care and support.

Local authorities have to consider various factors:

• what services, facilities and resources are already available in the area (for example local voluntary and community groups), and how these might help local people
• identifying people in the local area who might have care and support needs that are not being met
• identifying carers in the area who might have support needs that are not being met

In taking on this role, local authorities need to work with their communities and provide or arrange services that help to keep people well and independent. This should include identifying the local support and resources already available and helping people to access them.

The Adult Care Forums are one of the vehicles that help Reading Borough Council meet this responsibility under the Care Act : prevention, information and advice, and shaping the market of care and support services.

Give details of how long the data will be stored and criteria used to determine this?

The Generic Retention schedule for section 1. Administration / Distribution lists reads:
How long kept: until updated
Action at the end of that period: Destroy
Updates to address and contact details and areas of interest are carried out on a regular basis, as and when required.
If the distribution list is no longer needed for its intended purpose, it will be destroyed.

Who will it be shared with and for what purpose?

Under the GDPR we have a legal duty to pass information to third party organizations such as the Police, The Department of Work and Pensions and antifraud agencies for the purposes of preventing and detecting crime, or for antifraud purposes.

How can the service user get access to it?

Subject Access Request can be made by following the link:
https://www.reading.gov.uk/the-council-and-democracy/council-strategies-plans-and-policies/data-protection/
Forums’ members cannot access the information and any information relating to
other forums’ members.

State whether any data is to be transferred outside the EU?

If so how will the data be safeguarded?
Not applicable

Is processing based on consent?

The right to withdraw consent at any time needs to be communicated
Processing is based on consent. When registering their interest, forums’ members consent that their contact details are stored for the purpose of being listed on their preferred distribution list and of receiving information related to the forum they have selected.

What other rights does the service user have that we have to make known to them?

The right to have their data corrected, the right to have their data deleted and their right to put a complaint to the Information Commissioner’s Office (ICO)

The forum member has a right to have their data corrected or deleted.
Members are reminded of this on a regular basis at meetings/events and in order to ensure the data is kept up to date at all times.
The service provider has a right to put a complaint to the Social Care Complaints Team if they think their data has been misused.

State if there will be any automated decision making

Refer back to the IG team if yes
Not applicable

Consent

The GDPR sets out a higher standard for consent than the Data Protection Act. The GDPR defines consent as ‘any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.’

Consent has to be a positive indication of agreement to personal data being processed. It cannot be inferred from silence, pre-ticked boxes or inactivity. Opt out consent is no longer acceptable under the GDPR. The GDPR is clear that controllers have to demonstrate that consent was given, so a review is best practice in order to ensure there is an effective audit trail.

How should you write a consent request?
Consent requests need to be easy to understand and separate from any other information such as general terms and conditions.

The consent request must include the name of your organisation and the names of any third parties who will rely on the consent.
Your purpose for wanting the data and the processing activities you will be doing with the data need to be included.
The right to withdraw consent at any time and how to do this must be included.