A – Z | Freedom of InformationPublications

Menu
Home > Privacy Notice > Safeguarding Privacy Notice

Privacy Notice – Safeguarding

Some members of society are recognised as needing protection, for example children and adults at risk. If a person is identified as being at risk form harm the ICB is expected as professionals to do what they can to protect the individual. In addition, the Integrated Care Board (ICB) is bound by certain specific laws that exist to protect individuals. This is called safeguarding.

Where there is a suspected or actual safeguarding issue the ICB will share information that they hold with other relevant agencies whether or not the individual or their representative agrees.

There are two laws that allow us to do this without relying on the individual or their representative’s agreement (unconsented processing), these are:

 The Children Act 1989 and 2024 and Working together to Safeguard children statutory guidance 2023

 Section 45 of the Care Act 2014

Why we process your information and how will use the information:

Derby and Derbyshire Integrated Board (DDICB) Safeguarding Children and Looked-after children team will use information that is person identifiable in order to fulfil our statutory duties and responsibilities to safeguard individuals who are at potential risk of where there is evidence of or suspicion of harm, abuse or neglect. 

As a Data Controller, the ICB has a duty to:

  • keep sufficient information to provide services and fulfil our legal responsibilities
  • keep your records secure and accurate
  • only keep your information as long as is required
  • collect, store and use the information you provide in a manner that is compatible with the EU General Data Protection Regulation and the Data Protection Act.

As a commissioning body, we do not routinely hold or have any access to medical records. The provider of your healthcare for example an Acute Trust or GP would hold this information.  However, we may need to hold some information about you or access information about you in order for the Safeguarding children, adults, and looked after children team fulfil our roles and responsibilities. Records are received and held on an NHS provided secure computer system and ICB provided equipment.

As Safeguarding Children, Adults, and Looked after Children teams we receive access and send secure person identifiable information in order to:

  • Offer advice/ supervision to staff
  • Participate in a range of safeguarding meetings
  • Participate in a wide range of investigations/ reviews such as rapid review and child practice, serious incident learning reviews, safeguarding adult reviews, domestic homicides reviews, fatal fire reviews, Learning Disabilities Mortality Reviews (LeDeR).
  • Lead on child death overview process.
  • Participate in Prevent / Channel information sharing processes
  • Participate in Multiagency Public Protection Arrangements (MAPPA)
  • Participate in Multiagency Risk Assessment Conference (MARAC) or other safeguarding processes that may require information sharing such as Domestic violence, sexual violence, serious violence, serious organised crime investigations / enquiries.
  • Participate in Deprivation of Liberty (DoLS) legal procedures
  • Participate in Looked after Children enquires/ advice/ supervision and quality assurance processes.
  • Participate in Multiagency complex abuse / investigation processes.

Nb: This is not an exhaustive list

It is important to highlight that as a Safeguarding Team we work in close partnership with a number of health colleagues and partner agencies and are required at times to share sensitive service user information on a need-to-know basis in order to effectively safeguard and gain the best outcomes for children, adults, young people and adults and fulfil statutory requirements

DDICB Safeguarding Children, Adult, and Looked after Children Team will not contact service users directly but because of the team’s statutory functions we may need to share service user information with health colleagues and / or partner agencies such as Police, Local Authority and Probation. 

Exception to the above point: Parents/ carers are contacted by letter to inform them of the child death review process which includes the request to share any information that they may feel is relevant to share as part of the child death review process.

The DDICB Safeguarding team will ensure that we keep your information safe and only share your information with relevant professionals in order to undertake our role and responsibilities to safeguard and the welfare of children, young people and adults.

Your information will not be transferred outside the European Economic Area.

Data Controller contact

If you have any queries, concerns, or want to request that we change or delete your information, you may contact NHS Derby and Derbyshire ICB at the following address:

Information Governance Team, Scarsdale, Nightingale Close, Newbold, Chesterfield, Derbyshire, S41 7PF

Email: ddicb.igteam@nhs.net 

Purpose of the processing

The purpose of the sharing and processing this data is to protect the child or adults at risk.

Lawful basis for processing

The processing of personal data is supported under the following Article 6 and 9 conditions of the UK General Data Protection Regulations (UK GDPR):

Article 6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’

Article 9(2)(h) ‘necessary for the purposes of preventative or occupational medicine for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services…”

We will also recognise your rights established under UK case law collectively known as the “Common Law Duty of Confidentiality” *

Recipient or categories of recipients of the processed data

The data will be shared with the ICB quality and nursing directorate safeguarding teams, as well as health and social care organisations to ensure that the appropriate care and protection is provided.

Right to object

You have the right to object to some or all the information being processed under Article 21 of UK GDPR. To object to the processing of your information, please contact the controller. You should be aware that this is a right to raise an objection, which is not the same as having an absolute right to have your wishes granted in every circumstance.

Right to access and correct

You have the right to access the data that is being shared and have any inaccuracies corrected. There is no right to have accurate medical records deleted except when ordered by a court of law.

Retention period

The data will be retained in line with the law and national guidance. Or speak to the ICB.

Right to complain

You have the right to complain to the Information Commissioner’s Office (ICO).

Contact the ICO online or call their helpline on 0303 123 1113 (local rate) or 01625 545 745 (national rate).

There are National Offices for Scotland, Northern Ireland and Wales.

Visit the ICO

References

* “Common Law Duty of Confidentiality”, common law is not written out in one document like an Act of Parliament. It is a form of law based on previous court cases decided by judges; hence, it is also referred to as case law. The law is applied by reference to those previous cases, so common law is also said to be based on precedent.

The general position is that if information is given in circumstances where it is expected that a duty of confidence applies.

In practice, this means that all patient information, whether held on paper, computer, visually or audio recorded, must not normally be disclosed without the consent of the patient or the reasonable expectation that the information will be shared to organisations as part of the patient’s direct care. It is irrelevant how old the patient is or what the state of their mental health is; the duty still applies.

Four circumstances making disclosure of confidential information lawful are:

  • There is a reasonable expectation from the data subject that the data will be shared with organisations for the specific purpose of their direct care.
  • where the individual to whom the information relates has consented.
  • where disclosure is in the public interest; and
  • where there is a legal duty to do so, for example a court order.
Last Updated: Monday 30th June 2025 - 3:47:pm

Subscribe to our Newsletter

Joined Up Care Derbyshire produces a monthly newsletter which provides important updates on health and care developments around the city and county.

Previous copies of the newsletter can be found on our website.

If you would like to receive this newsletter, please visit our newsletter page to sign up.

Subscribe to Newsletter