Sunderland City Council - Information Charter

Purpose

This Information Charter sets out the standards you can expect from the Council when we handle your information.

The Charter applies to all the information that the Council holds. It explains how we apply the requirements and principles of the law relating to information.

The Charter explains how you can get access to information held by the Council and what you can do if you think standards are not being met. It explains how the information we hold is treated and when we will consider it for disclosure, sharing, storage and destruction.

Responsibilities

The Council's Information Champions own this charter on behalf of the Council. Chief Officers - with the support of all Councillors, and all council staff - are responsible for its implementation.

The Council has designated a member of the Chief Officer Group to act as Senior Information Risk Officer (SIRO). It is the SIRO's job to ensure that information governance policies and procedures are implemented across all Council service areas, and to ensure they are reviewed and updated.

Other officers identified as Information Asset Owners are responsible for making sure their staff actively manage and monitor the full lifecycle of the information they hold, from its creation, use, updating, and storage through to archiving and/or destruction.

Each Information Asset Owner is responsible for ensuring that their policies, processes and staff are compliant with information governance law and good practice requirements and that all staff and contractors are trained and are aware of their responsibilities.

Each Council officer who handles information has a responsibility to ensure that the requirements of confidentiality, integrity and availability are maintained at each stage in the information lifecycle.

The Council recognises that there is always a possibility of human error. This Code explains what we will do to put things right if a mistake is made.

Types of information

The Council holds both personal and non-personal information on paper and electronically in a variety of databases and information stores which it uses to deliver services and regulatory functions. Other systems hold information used to deliver support functions such as human resources, facilities and finance.

How our information is managed

The Council is committed to manage, maintain and protect information according to legislation, documented policies, procedures and best practice.

We train our staff to keep accurate records that contain the information we need to do the Council's work, and to keep these records complete and up to date.

Security measures, including technical and physical security arrangements protect the confidentiality, integrity and availability of our systems and data, and help officers store, process and communicate information in a secure manner so it is reliably available to properly authorised users. 

When we no longer need to keep information about you we dispose of it securely.

The Council is also committed to making information available: in the interests of openness and accountability and we routinely publish Council information unless restricted by legislation or the Public Interest.

Personal information

The Council respects your privacy and strives to comply with all relevant legislation and best practice to protect your information.

We will look after your information and in most circumstances will not disclose personal data without consent, unless required to do so by law. If we ask you for personal information we will:

  • let you know why we need it, and which law allows this.
  • let you know if we share it with other organisations.
  • let you know if it will be transferred abroad.
  • only ask for what we need, and not collect excessive or irrelevant information.
  • make sure nobody has access to it who should not.
  • only keep it for as long as we need to.

If we fall below these standards we will implement the information risk recovery policy, and, in particular we will:

  • tell you what has happened and why
  • tell the Information Commissioner (unless the breach will cause you or others no harm), and give full assistance to her investigation.

In return, to keep information reliable and up to date, we ask customers to:

  • give us accurate information, and
  • tell us as soon as possible of any changes we need to make to our records, such as a change of address

Access to personal information

You can find out if we hold any personal information about you by making a 'subject access request' under the Data Protection Act. If we do hold information about you we will tell you;

  • what we are using it for
  • what kinds of personal data we hold about you
  • who it could be disclosed to
  • how long we will keep it
  • how you can ask us to correct or destroy it, or object to us using it
  • that you have the right to complain to the Information Commissioner
  • where we got the information if it didn't come from you
  • whether we use it to make decisions about you based solely on automatic processing

We will also give you a copy of the information we hold about you or make arrangements for you to see it.

We handle all information in a manner that respects the rights of individuals and which complies with the requirements of the Data Protection Act. To make a request to the Council for any personal information it may hold about you, you can put a request in writing to the Information Manager at the address below.

Requests for this information can also be e-mailed to Data.Protection@sunderland.gov.uk or by writing to:

Data Protection Officer, Civic Centre, Sunderland, SR2 7DN

If we do hold information about you, you can ask us to correct any mistakes by contacting the same address.

Access to general information

The Freedom of Information Act and Environmental Information Regulations give you the right to have access to unpublished information the council holds, subject to certain conditions.

The Freedom of Information Act, and the Environmental Information Regulations have a number of exemptions which may need to be considered before we publish or provide information. This includes considering whether providing the information will affect other peoples' privacy. We will not automatically withhold information simply because it falls into a relevant exemption. We will assess the impact of disclosure and make a decision on a case-by-case basis).

Requests for this information can also be e-mailed to Data.Protection@sunderland.gov.uk or by writing to:

Data Protection Officer, Civic Centre, Sunderland SR27 DN

Review

This Charter will be reviewed annually.

On Behalf of Sunderland City Council we:

  • value the information entrusted to us and make sure we respect that trust;
  • manage information in a way that ensures the confidentiality integrity and availability of the records we keep;
  • consider and address the privacy risks first when we plan to use or hold personal information;
  • are open with people about how we use their information and who we give it to;
  • make it easy for people to access and update or correct their personal information;
  • keep personal information to the minimum necessary and delete it when we no longer need it;
  • ensure personal information is kept securely and does fall into the wrong hands;
  • provide training to staff who handle personal information and treat it as a disciplinary matter if they misuse or don't look after personal information properly;
  • put appropriate financial and human resources into looking after personal information to make sure we can live up to our promises; and
  • regularly check that we are living up to our promises and report on how we are doing.

 

Leader of the Council                     Chief Executive

Paul Watson                                    Irene Lucas

Approved September 2017

Print Share