Privacy Notices - Client level data Privacy Notice

Who is collecting and using your personal data?

We're the data controller responsible for collecting and processing most of the personal data in relation to your health and social care.

We're required to provide Client Level Data to NHS Digital on person-level. Please see the CLD specification here for more information about the data that is provided.

The data to be provided will be extracted by running a report against the council’s case management system and will undertake any processing necessary to submit a standard return in line with the Adults Social Care Client Level Data Specification.

The submission is made by loading the data file directly on to a Data Landing Platform managed by a Data Services for Commissioners Regional Office (DSCRO), which processes the data on behalf of NHS Digital. DSCRO staff follow strict rules on accessing, analysing and processing data, operating within an approved legal framework.

Once we provide information to NHS Digital, they become the data controller. NHS Digital may only disseminate data to a limited set of bodies.

The information is anonymised by NHS Digital and is not shared in any way which would identify you.

What personal data do we collect?

We collect information about you in various ways, including:

  • your telephone number
  • your email address
  • letters of correspondence
  • face to face meetings
  • details of visits to your home
  • details collected from other professionals
Why do we need your personal information?

The Department of Health and Social Care collects Client Level Data from local authorities which is mandatory from April 2023.

We are responsible for providing Client-Level Data to NHS Digital, which is responsible for data collection and analysis.

The data provided supports the integration of health and social care specifically for:

  • monitoring service users at a population level
  • monitoring service and integrated care outcomes across a pathway or care setting involving adult social care
  • developing, through evaluation of person-level data, more effective prevention strategies and interventions across a pathway or care setting involving adult social care
  • designing and implementing new payment models
  • understanding current and future population needs and resource utilisation
How the law allows us to use your information?

We have a legal requirement to provide Client Level data under Section 259 (5) of the Health and Social Care Act 2012. Under UK GDPR, the lawful basis for processing personal data is Article 6(1)(e) (public task) and Article 9(2)(h) (provision of health or social care).

How long do we keep your personal information?

NHS Digital state that the data that they hold will be held for “20 years maximum from when the information is received, subject to appraisal if there is a justifiable reason to extend.” Swindon Borough Council records will be retained for no longer than 10 years from the last involvement with Adult Social Care before being securely destroyed. 

What you can do with your information?

Details of your rights and access to the information that is retained in the council’s case management system are set out in the main Privacy Notice for Swindon Borough Council Adult Social Care

For a full explanation of your rights under Data Protection, see the ICO website

However, you have no rights to object to the data being provided to NHS Digital and the NHS National Data Opt-Out does not apply. This is because the data is submitted as required by the Data Provision Notice, which is a legal requirement with which all participating organisations must apply.

Main privacy notice

You are viewing the Privacy Notice for Client Level Data.

Read the main Privacy Notice