We often enter into data sharing agreements with third parties who deliver public services on our behalf under these agreements we may share your information with the third party in performance of our public task, we will only share your information when it is completely necessary to do so and only the minimum information will be shared. Instead of entering into specific data sharing agreements some are done via the Surrey Multi-Agency Information Sharing Protocol (MAISP) which provides a common understanding for all the agencies in Surrey to work to and is recommended for use where there is no context-specific protocol – all members of MAISP are bound by its principles.
Sharing information about individuals between public authorities is often essential if we need to keep people safe, or ensure they get the best services. This sharing must only happen when it is legal and necessary to do so and adequate safeguards are in place to protect the security of the information.
The Council will / may share your information within the Council to ensure that all our records about you are accurate, or where there is a necessity for different departments to provide a service to you.
For more information on how the different services within the Council may share your information please look at the individual service privacy notice.
Vulnerable Persons Data
The Council has a statutory requirement to collect, use and share vulnerable adult data under the Civil Contingencies Act 2004, the act places a duty on authorities to “maintain plans for the purpose of ensuring that if an emergency occurs or is likely to occur it is able to perform its function so far as necessary for the purpose of preventing, reducing, controlling or mitigating its effects”. As part of this planning we may share vulnerable adults data including your name, address and vulnerability characteristics with other Surrey Local Resilience Forum partners (e.g. emergency services, local authorities, health trusts, voluntary organisations/charities, utility companies, transport companies, government agencies) to facilitate planning, facilitate response and recovery during incidents, and other activities in relation to Civil Contingencies work. We are allowed to share this data under the legal basis; legal obligation, public task and to protect the vital of interests of individuals. When we share this date we ensure that adequate safeguards are in place and only the minimum information is shared.
Prevention of fraud and crime
We also collect, use and share Personal Data Interally and to other bodies responsible for auditing and administering public funds, or where undertaking a public function in order to detect fraud and protect public funds. For example, we participate in the Cabinet Office’s National Fraud Initiative which compares computer records, usually personal information, to locate data differences as these may indicate potentially fraudulent claims and payments. View further information regarding the National Fraud Initiative’s data matching exercise.
Transferring data outside of the EEA
The Council does not share data with organisations outside of the UK and European Economic Area (EEA), however the Council is moving some of its IT systems to cloud based solutions, this could mean that a cloud server may be housed outside of the UK or EEA. Data must not be transferred to a Country or territory outside the UK or EEA unless that Country or Territory protects the rights and freedoms of Data Subjects. Where the Council uses cloud based IT solutions it will always complete a Data Privacy Impact Assessment (DPIA) to identify exactly where the data is being stored and only when we are completely satisfied that the location meets the standards and contracts are in place, will we adopt the service.