Public Health Privacy Notice


All local authorities have a duty to improve the health of the population they serve. To help us do this, we use data from a range of sources including the Office for National Statistics, Health and Social Care Information Centre, Clinical Commissioning Group and hospitals to understand more about the nature and causes of disease and ill health in Bexley.

The Public Health team at the London Borough of Bexley also have a legal status allowing the processing of personal confidential data for certain public health purposes. The use of such data is restricted so that the principles contained in the Data Protection Act 1998 are fully adhered to. The legal basis is section 42(4) of the Statistics and Registration Service Act (2007) as amended by section 287 of the Health and Social Care Act (2012) and regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

Who we collect information about

Bexley Council collects and holds information for public health purposes about all to whom it has a public health duty of care which includes:

  • residents of Bexley
  • people receiving health and care services in Bexley
  • people who work or attend school in Bexley

How the information is used

Bexley Council Public Health team uses personal identifiable information1 about residents and users of health care, to enable it to carry out specific functions for which it is responsible, such as:

  • control of infection
  • management of risks to public health
  • organising the National Child Measurement Programme
  • organising the NHS Health Check Programme
  • organising and supporting the 0 to 19 Children’s Public Health Service (Health visiting and school nursing)

The Public Health team also uses the information to derive statistics and intelligence for research and planning purposes, which include:

  • producing assessments of the health and care needs of the population, in particular to support the statutory responsibilities of the:
    • Joint Strategic Needs Assessment (JSNA)
    • Director of Public Health Annual report
    • Health and Wellbeing Strategy
  • identifying priorities for action
  • informing decisions on (for example) the design and commissioning of services
  • to assess the performance of the local health and care system and to evaluate and develop them
  • to report summary statistics to national organisations
  • undertaking equity analysis of trends, particularly for vulnerable groups
  • to support clinical audits

In these cases, the information is used in such a way that individuals cannot be identified from them and personal identifiable details are remove as soon as is possible in the processing of intelligence.

This information includes:

  • contact details
  • NHS number
  • geographic codes such as postcodes for the analysis of health inequalities
  • date of birth
  • information from birth and death certifications (personal identifiable information from NHS Digital used for public health purposes)
  • information about the provision of public health services including:
    • immunisations
    • control of infection
    • drug and alcohol treatment services
    • sexual health services
    • 0 to five services
    • school nursing services
    • National Child Measurement Programme
    • lifestyle and behaviour change services
    • cancer screening programmes
    • public health initiatives
  • information about lifestyle behaviours, including data collected from surveys
  • information about disease prevalence including cancer registrations
  • information about other health statuses including blood pressure
  • information about health and social care use, including:
    • GP services
    • hospital services
    • NHS community services
    • mental health services
    • social care services

1 Personal data means data which relates to a living individual who can be identified from the data or from that data and other information held by the data controller (for example it can be linked to become identifiable).

How we keep information secure and who we share it with

We are required to comply with the Data Protection Act to ensure information is managed securely and this is reviewed every year as part of our NHS Information Governance Toolkit assessment.

Any personal identifiable data is sent or received using secure email. All data is stored electronically on encrypted equipment and is managed using the principles of medical confidentiality and data protection. The number of staff accessing and handling such data is limited to only those key professionals named on relevant signed information sharing agreements (where applicable), all who undertake regular training about data protection and managing personal information.

Confidential public health data will only be shared with other areas of the NHS, local authorities or care organisations with the permission of the Caldicott Guardian, once the necessary legal basis has been established and data protection safeguards have been verified so that the data is managed and used under the same restrictions. Anyone of who received information from Bexley Council Public Health is also under a legal duty to keep it confidential.

In relation to births and deaths, the data will only be processed by Local Authority employees in fulfilment of their public health function, and will not be transferred, shared, or otherwise made available to any third party, including any organisations processing data on behalf of the Local Authority or in connection with their legal function.

We only keep hold of information for as long as is necessary. This will depend on what the specific information is and the agreed period of time.

Data is permanently disposed of after this period, in line with Bexley Council’s Retention Policy/Schedule or specific requirements or the organisation who has shared the data with us.

How to opt out

You have the right to opt out of Bexley Council Public Health receiving or holding your personal identifiable information.

There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues.

The process for opting will depend on what the specific data is and what programme it relates to. For further information, please contact the Public Health team:

  • email
  • or in writing to
    Public Health
    London Borough of Bexley
    Civic Offices
    2 Watling Street
    Kent DA6 7AT

How to find further information

Bexley Council is registered as a Data Controller with the Information Commissioner’s Office (Registration number Z6219197) under the Data Protection Act. Further details about how the Council processes personal data can be found in our registration via the Information Commissioner’s Office. The Council’s NHS Information Governance Toolkit status can be found at NHS - Information Governance Toolkit.

You are legally entitled to request access to any information about you that we hold. To exercise this right, please contact:

Information Governance Team
London Borough of Bexley
Civic Offices
2 Watling Street
Kent DA6 7AT


Public Health
London Borough of Bexley
Civic Offices
2 Watling Street
Kent DA6 7AT.

For more information please visit Data Protection.

For any questions or queries about how data is being used please contact The London Borough of Bexley Caldicott Guardian, Mr Stuart Rowbotham, Director of Adult Social Care and Health.

For general questions about data protection/information governance contact the London Borough of Bexley Data Protection Officer, Mr Nick Hollier, Deputy Director of Corporate Services.