How we keep information secure and who we share it with
We are required to comply with the Data Protection Act (2018) to ensure information is managed securely and this is reviewed every year as part of the Data Security and Protection Toolkit assessment submission. Information is strictly made available only to key professionals who have a clear and legal need to see it. All staff are required to undertake regular training and to comply with policies and procedures around data protection, information security, confidentiality and the safe handling of information.
Data is held in a secure database only accessible to approved analytical staff within the Lambeth Public Health Intelligence Team. The database is on a secure internal network protected by AES 256 encryption.
Information will be held as stipulated in the data access agreement between NHS Digital, the Office for National Statistics and Lambeth Council.
Information is only shared with other organisations where their involvement is required to provide a service, for us to comply with our public health responsibilities, or where we are under a legal requirement to share it. The organisations we may need to share information with include organisations such as national and local NHS bodies, the Office for National Statistics, NHS Digital, other local authorities, mental health services, GP practices, local coroner’s offices, local emergency services and schools. Any sharing will be assessed to ensure the organisations will meet the same standards of security and confidentiality as we do. We commit to publishing a list of the organisations we share this data with.