Appropriate Policy Document for the Processing of Special Category Data and Criminal Offence Data including Law Enforcement Processing

Special category processing

As part of the Council’s statutory and corporate functions, we process special category data and criminal offence data in accordance with the requirements of Article 9 and 10 of the General Data Protection Regulation (‘GDPR’) and Schedule 1 of the Data Protection Act 2018 (‘DPA 2018’).

Some of the Schedule 1 conditions for processing special category and criminal offence data require us to have an Appropriate Policy Document (‘APD’) in place, setting out and explaining our procedures for securing compliance with the data protection principles.

This document explains our processing and satisfies the requirements of Schedule 1, Part 4 of the DPA 2018.
In addition, it provides some further information about our processing of special category and criminal offence data where a policy document isn’t a specific requirement. The information supplements our privacy notice and staff privacy notice.

Sensitive processing for law enforcement purposes

As part of the council’s statutory functions, we can investigate and prosecute individuals and organisations for offences committed under the legislation we enforce.

This document explains the council’s processing relating to law enforcement purposes and details our procedures for securing compliance with the law enforcement data protection principles and our retention policies in relation to this type of data.

This policy document covers the councils processing of the following types of personal data.

Special category data

The GDPR defines special category data as the following categories of data:

• racial or ethnic origin
• political opinions
• religious or philosophical beliefs
• trade union membership
• genetic data
• biometric data for the purpose of uniquely identifying a natural person
• data concerning health; or
• data concerning a natural person’s sex life or sexual orientation

Criminal offence data

Article 10 GDPR covers processing in relation to criminal convictions and offences or related security measures. In addition, section 11(2) of the DPA 2018 specifically confirms that this includes personal data relating to the alleged commission of offences or proceedings for an offence committed or alleged to have been committed, including sentencing. This is collectively referred to as ‘criminal offence data’.

Law enforcement processing

This document also covers our processing of special category and criminal offence data for law enforcement purposes. Sensitive processing is defined in Part 3 section 35(8) of the Data Protection Act and is equivalent to GDPR special category data.

This includes the processing of:

• personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership
• genetic data, or of biometric data, for the purpose of uniquely identifying an individual
• data concerning health
• data concerning an individual’s sex life or sexual orientation

3.1 Special Category data

We process special categories of personal data under the following GDPR Articles:

1. Article 9(2)(b) – where processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the council or the data subject in connection with employment, social security or social protection.

• examples of our processing include staff sickness absences and political activity declarations

2. Article 9(2)(h) – where processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional.

• examples of our processing include the provision of social care (social work, personal care and social support services) as well as the provision of care and health care

3. Article 9(2)(i) – where processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care

• examples of our processing include the provision of public health monitoring and statistics as well as responding to new threats to public health (for example, epidemics, or pandemics).

4. Article 9(2)(g) - reasons of substantial public interest. The council is required to act to protect the public and the public purse. Processing of personal data in this con-text is for the purposes of substantial public interest and is necessary for the carrying out of our role.

• examples of our processing include the information we seek or receive as part of investigating a complaint

5. Article 9(2)(f) – for the establishment, exercise or defense of legal claims.

• examples of our processing include processing relating to any employment tribunal or other litigation

6. Article 9(2)(a) – explicit consent. In circumstances where we seek consent, we make sure that the consent is unambiguous and for one or more specified purposes, is given by an affirmative action and is recorded as the condition for processing.

• examples of our processing include staff dietary requirements and health in-formation we receive from our customers who require a reasonable adjustment to access our services.

7. Article 9(2)(c) – where processing is necessary to protect the vital interests of the data subject or of another natural person.

• an example of our processing would be using health information about a member of staff in a medical emergency

8. We process criminal offence data under Article 10 of the GDPR

• examples of our processing of criminal offence data include pre-employment checks and declarations by an employee in line with contractual obligations as well as investigations into fly-tipping and trading standards

3.2 Processing which requires an Appropriate Policy Document

Almost all of the substantial public interest conditions in Schedule 1 Part 2 of the DPA 2018, plus the condition for processing employment, social security and social protection data, require an Appropriate Policy Document.

This section of the policy is the Appropriate Policy Document for the council. It demonstrates that the processing of special category (‘SC’) and criminal offence (‘CO’) data based on these specific Schedule 1 conditions is compliant with the requirements of the Data Protection Principles.

3.3 Description of data processed

The council processes special category data about our employees that is necessary to fulfil our obligations as an employer. This includes information about their health and wellbeing, ethnicity, photographs and their membership of any trade union. Further information about this processing can be found in our staff privacy notice.

Our processing for reasons of substantial public interest relates to the data we receive or obtain in order to fulfil our statutory functions. This may be evidence provided to us as part of a complaint or information we gather for our investigations.

The council maintains a record of our processing activities in accordance with Article 30 of the GDPR.

3.4 Schedule 1 conditions for processing

3.4.1 Special category data

We process Special Category data for the following purposes in Part 1 of Schedule 1

• Paragraph 1(1) employment, social security and social protection

We process Special Category data for the following purposes in Part 2 of Schedule 1

• Paragraph 6(1) and (2)(a) statutory, etc. purposes
• Paragraph 10(1) preventing or detecting unlawful acts
• Paragraph 11(1) and (2) protecting the public against dishonesty
• Paragraph 12(1) and (2) regulatory requirements relating to unlawful acts and dishonesty
• Paragraph 18 (1) and (2) safeguarding of children and individuals at risk
• Paragraph 19 (1) and (2) safeguarding of economic wellbeing of certain individuals
• Paragraph 23 (1) and (2) elected representatives responding to requests
• Paragraph 24(1) and (2) disclosure to elected representatives

3.4.2 Criminal offence data

We process criminal offence data for the following purposes in parts 1 and 2 of Schedule 1

• Paragraph 1 – employment, social security and social protection
• Paragraph 2 – health or social care purposes
• Paragraph 3 – public health
• Paragraph 6(2)(a) – statutory, etc. purposes
• Paragraph 10(1)(a) – preventing or detecting unlawful acts

3.5 Procedures for ensuring compliance with the principles

3.5.1 Accountability Principle

The council has put in place appropriate technical and organisational measures to meet the requirements of accountability. These include

• appointing a suitably experienced and qualified Data Protection Officer who reports to the council’s highest management level
• taking a ‘data protection by design and default’ approach to our activities including carrying out initial data protection impact assessments for all new projects involving personal data and full DPIA’s for complex projects which are identified as high risk processing
• maintaining documentation of our processing activities (Record of processing activities -ROPA) and data flow mapping, audited annually)
• adopting and implementing data protection policies
• ensuring we have written contracts in place with our data processors and data sharing agreements in place with partners and other agencies where we are required to share data with central government and other public bodies
• implementing appropriate security measures in relation to the personal data we process.

3.5.2 Principle (a): lawfulness, fairness and transparency Processing personal data must be lawful, fair and transparent.

All of the council’s processing activities have a clearly identified lawful basis and this data is maintained as part of our ROPA (record of processing activities).

We provide clear and transparent information about why we process personal data including our lawful basis for processing in our service specific privacy notices which form part of the council’s overall approach to privacy information and include our staff privacy notice. This policy document supports those notices and further explains our processing of special category and criminal convictions data.

Our processing for purposes of substantial public interest is necessary for the exercise of functions conferred on the council by the legislation which we are bound by.

The council’s processing for the purposes of employment relates to our obligations as an employer.

We also process special category personal data to comply with other obligations imposed on the council in its capacity as a public authority e.g. the Equality Act.

3.5.3 Principle (b): purpose limitation

The council process personal data for purposes of substantial public interest as explained above when the processing is necessary for us to fulfil our statutory functions, where it is necessary for complying with or assisting another to comply with a regulatory requirement to establish whether an unlawful or improper conduct has occurred, to protect the public from dishonesty, to protect and safeguard children and vulnerable adults, preventing or detecting unlawful acts or for disclosure to elected representatives.

The council are authorised by law to process personal data for these purposes. We may process personal data collected for any one of these purposes (whether by us or another controller), providing the processing is necessary and proportionate to that purpose.

If the council shares data with another controller, we will document that they are authorised to process the data for their purpose.

The council will not process personal data for purposes incompatible with the original purpose it was collected for.

3.5.4 Principle (c): data minimisation

The council collects personal data necessary for the relevant purposes and ensures we collect only what we need. The information we process is necessary for and proportionate to our purposes.

Where personal data is provided to us or obtained by us, but is not relevant to our stated purposes, we will securely destroy it.

3.5.5 Principle (d): accuracy

Where the council becomes aware that personal data is inaccurate or out of date, we will take every reasonable step to ensure that data is erased or rectified without delay.

3.5.6 Principle (e): storage limitation

All special category data processed by us for the purpose of employment or substantial public interest is, unless retained longer for archiving purposes, retained for the periods set out in our retention schedule.
The council determine the retention period for this data based on our legal obligations and/or our business needs.

3.5.7 Principle (f): integrity and confidentiality (security)

Electronic information is processed within the council’s secure network. Hard copy information is processed in line with our service specific procedures.

The council’s electronic systems and physical storage have appropriate access controls applied.
The systems the council use to process personal data allow us to erase or update personal data at any point in time where appropriate.

3.6 Additional processing of Special Category Personal Data

The council also process special category personal data in other instances where it is not a requirement to keep an appropriate policy document.

Our processing of this data respects the rights and interests of the data subjects. We provide clear and transparent information about why we process personal data including our lawful basis for processing in our privacy notice and staff privacy notice.

The council carry out sensitive processing for law enforcement purposes in three key areas

• criminal investigations/Fraud/Trading Standards
• enforcement of environmental health/planning legislation
• financial recovery

The council may carry out sensitive processing of all of the categories of data defined in Part 3 section 35(8) except for the processing of genetic data, or of biometric data, for the purpose of uniquely identifying an individual.

Consent or Schedule 8 condition for processing

We carry out sensitive processing under section 35(3) DPA 2018 only where it is strictly necessary for the law enforcement purposes and it meets one of the conditions in schedule 8 of the DPA 2018 or with the consent of the data subject if appropriate.

The relevant schedule 8 condition for our processing is Schedule 8 paragraph 1 – statutory purposes.

4.1 Procedures for ensuring compliance with the principles

4.1.1 Principle (1): lawfulness and fairness

Processing for law enforcement must be lawful and fair. Sensitive processing is only permissible if it is

• based on the consent of the data subject - section 35(4); or
• is strictly necessary for the law enforcement purpose and is based on a Schedule 8 condition - section 35(5)

Our processing of sensitive data for law enforcement purposes satisfies the first Schedule 8 condition that it is necessary for the exercise of a function conferred on the council by the legislation we operate under and is necessary for reasons of substantial public interest.

We are required to seek to prevent, detect, investigate and prosecute possible offences under the various legislation we operate under.

In circumstances where we seek consent, we make sure the consent it

• unambiguous
• given by an affirmative action
• recorded as the condition for processing

4.1.2 Principle (2): purpose limitation

The council process personal data for all of the law enforcement purposes listed at section 31 DPA 2018. These are the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, which might include the safeguarding against and the prevention of threats to public security.

The council are authorised by law to carry out sensitive processing for any of these purposes. We may process personal data collected for one of these purposes (whether by us or another controller), for any of our other law enforcement purposes providing the processing is necessary and proportionate to that purpose.

The council only use data collected for a law enforcement purpose for purposes other than law enforcement where we are authorised by law to do so.

If we are sharing data with another controller, we will document that they are authorised by law to process the data for their purpose.

4.1.3 Principle (3): data minimisation

The council do not systematically collect or harvest sensitive personal data for law enforcement purposes.

The information we process is necessary for and proportionate to our purposes. It is processed in the context of us carrying out processes which enable us to meet our stated purposes for processing.

Where sensitive personal data is provided to us or obtained by us but is not relevant to our stated purposes, we will erase it.

4.1.4 Principle (4): accuracy

Where the council becomes aware that personal data is inaccurate or out of date, we will take every reasonable step to ensure that data is erased or rectified without delay. If we decide not to either erase or rectify it, we will document our decision.

The council always aims to distinguish between personal data based on facts and personal data based on personal assessments or opinions and mark the file to reflect the distinction. There are circumstances where this is not possible.

Where relevant, and as far as possible, the council will distinguish between personal data relating to different categories of data subject, such as

• people suspected of committing an offence or being about to commit an offence
• people convicted of a criminal offence
• known or suspected victims of a criminal offence
• witnesses or other people with information about offences

The council only does this where the personal data is relevant to the purpose being pursued.

We take reasonable steps to ensure that personal data which is inaccurate, incomplete or out of date is not transmitted or made available for any of the law enforcement purposes.

If we discover, after transmission that the data was incorrect or should not have been transmitted, we will tell the recipient as soon as possible.

The council will document our decisions to make personal data available for any of the law enforcement purposes.

4.1.5 Principle (5): storage limitation

The council has a corporate retention schedule and retains information processed for the purposes of law enforcement for 6 years from closure of the matter unless there is a legitimate reason to retain it for longer.

4.1.6 Principle (6): security

Electronic information is processed within the council’s secure network.

Hard copy information is processed within our secure premises or is kept secure if taken off site.

Where it is necessary for us to share information with third parties we consider the technical or organisational security measures they have in place before allowing access or transmitting data.

Electronic and hard copy information processed for the law enforcement purposes is only available to staff who carry out the processing for these purposes. Our electronic systems and physical storage have appropriate access controls applied.

The systems we use to process personal data for law enforcement purposes allow us to erase or update personal data at any point in time.

4.1.7 Retention Policies

The retention policy for each category of SC/CO data is included in the retention schedule.