Home
The council and democracy
Access to information
Privacy notices
COVID-19 Test and Trace privacy notice

COVID-19 Test and Trace privacy notice

Department Of Health & Social Care (DHSC) are providing patient data to Brent Council’s Public Health team, contact details trackandtrace@brent.gov.uk 020 937 4440. The Council’s Data Protection Officer can be contacted via dpo@brent.gov.uk or 020 8937 1402.

What information we might collect from you and why

Patient data is being provided to Brent Council by DHSC in the public interest; in order to enable Brent’s Public Health Team to fulfil their responsibilities to take action to manage and mitigate the spread and impact of the current outbreak of Covid-19.

These responsibilities for contacting those that are currently shielded are set up in the ‘Covid-19 – Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002’ dated 20 March 2020 and re-issued on 29 July 2020 from the Department of Health and Social Care on behalf of the Secretary of State for Health and Social Care.

The responsibilities for contacting people that have been identified in the DHSC track and trace system and process for those people that have not been contacted by them are carried out under Regulation 3(1) and (4) of the Health Service Control of Patient Information Regulations 2002 and the Notice under Regulation 3(4) of the Health Service Control of Patient Information Regulations 2002 dated 20 March 2020 and re-issued on 29 July 2020.

How we use your information

For the shielding list

The data shall be processed for the following Covid-19 Purposes specified in the above-mentioned Regulation 3(4) Notice dated 20 March 2020 and re-issued on 29 July 2020 under regulation 3(1) of the Health Service Control of Patient Information Regulations 2002

  • understanding Covid-19 and risks to public health, trends in Covid-19 and such risks, and controlling and preventing the spread of Covid-19 and such risks
  • identifying and understanding information about patients or potential patients with or at risk of Covid-19, information about incidents of patient exposure to Covid-19 and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from Covid-19
  • understanding information about patient access to health services and adult social care services and the need for wider care of patients and vulnerable groups as a direct or indirect result of Covid-19 and the availability and capacity of those services or that care
  • monitoring and managing the response to Covid-19 by health and social care bodies and the Government including providing information to the public about Covid-19 and its effectiveness and information about capacity, medicines, equipment, supplies, services and the workforce within the health services and adult social care services
  • delivering services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with Covid-19, including the provision of information, fit notes and the provision of health care and adult social care services; and
  •  research and planning in relation to Covid-19. 

The patient data that we receive includes categories of personal data that will be processed include gender, age, ethnic group, occupation, key worker status and postcode.

The council obtains information from the following sources.

  •  Department Of Health and Social Care - Patient data as described

For track and Trace

The data shall be processed for the following Covid-19 Purposes specified in the above-mentioned Regulation 3(4) Notice dated 29 July 2020 and under regulation 3(1) of the Health Service Control of Patient Information Regulations 2002.

  • identifying and understanding information about patients or potential patients with or at risk of Covid-19, information about incidents of patient exposure to Covid-19 and the management of patients with or at risk of Covid-19 including: locating, contacting, screening, flagging and monitoring such patients and collecting information about and providing services in relation to testing, diagnosis, self-isolation, fitness to work, treatment, medical and social interventions and recovery from Covid-19
  • delivering support and services to patients, clinicians, the health services and adult social care services workforce and the public about and in connection with Covid-19, including the provision of information, fit notes and the provision of health care and adult social care services and
  • research and planning in relation to Covid-19
  • understanding Covid-19 and risks to public health, trends in Covid-19 and such risks, and controlling and preventing the spread of Covid-19 and such risks; and
  • processing to support NHS Test and Trace (including enriching the data using local intelligence and where appropriate, updating the DHSC track and trace system).

The patient data that we receive includes contact details and includes categories of personal data that will be processed include gender, age, ethnic group, occupation, employer and full address.

The council obtains information from the following sources.

  •  The national DHSC Track and Trace system - Patient data as described

If the data from the DHSC track and trace system is incorrect or is missing information, and the council identifies more up-to-date data, this will be updated on the national track and trace system. Information obtained by the Council from persons suffering from Covid-19 may be used by the Council to check that their employers are carrying out the necessary regulatory requirements to manage and control the spread of Covid-19.

Data is processed in accordance with the following relevant articles of the General Data Protection Regulation (GDPR) 

GDPR Article 6(1)(e) - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller by virtue of the Data Protection Act 2018 section 8(c) – function conferred on us by the Public Health Acts;

GDPR Article 9(2)(i) – processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy by virtue of Data Protection Act 2018 section 10 1(d), and section 3 in Part 1 of Schedule 1

Brent Council has statutory duties to safeguard children and vulnerable adults, as set out in the Children Act 1989 (section 17), Children Act 2004 (section 11), Children and Social Work Act 2017 (section 1) and sections 1 and 42 of the Care At 2014. Where information received as part of the activities outlined above, leads an officer to believe that a child or a vulnerable adult may be at risk of abuse, this information will be referred to the relevant safeguarding team to investigate.

Brent Council does not process your information with third countries outside of the UK or EU zone without the safeguards being in place that are equivalent to the Data Protection Act 1998 or the General Data Protection Regulations (GDPR).

Storing your information 

Your information shall be processed for the duration of the pandemic. Following this, it will be kept for such time is required to report on the local impact of the pandemic. Where data is published, it will always be aggregated and anonymised.

For track and trace purposes, information will be stored in the national “CTAS” database hosted by the NHS and Public Health England

Further information

Brent Council shall process your information in adherence to your information rights under the Data Protection Act 1998 and the GDPR. Information about your rights can be found on our main privacy notice

If you are dissatisfied with the processing of your information, you can raise your concern with the council’s data protection officer. You have a right to lodge a complaint with the Information Commissioner’s Office www.ico.org.uk