We keep the City Of York Council law enforcement processing privacy notice under review. It was last reviewed and updated in August 2021.
When we use your personal data, City of York Council (CYC) complies with data protection legislation, and is the registered ‘Controller’. Our data protection notification is registered with the Information Commissioner’s Office (ICO) – reference Z5809563.
The processing of data for law enforcement purposes can only be done by an organisation which is considered as a ‘competent authority’. Law enforcement purposes are ‘the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security’. The description of a ‘competent authority’ is laid down in data protection law, and includes but is not limited to, organisations such as police forces, the Financial Conduct Authority and the Information Commissioner. Data Protection Act 2018 (legislation.gov.uk).
Guidance on how organisations should process data for ‘law enforcement purposes’ can be found on the Information Commissioner’s Office (ICO) website Data sharing and reuse of data by competent authorities for non-law enforcement purposes.
This Privacy Notice explains how and why we process your personal data, under Part 3 of the Data Protection Act 2018 for law enforcement purposes and the steps we take to keep your information safe.
We are responsible for delivering a wide range of public services and functions. This includes a number of law enforcement functions associated with:
- Trading Standards
- Environmental Enforcement
- Youth Justice Service
- Children’s Services (for example Non attendance at school; Child employment; Child performance)
- Health and Safety
View the privacy and transparency information for all of the City of York Council (CYC).
How we process your personal information for law enforcement purposes
We have a statutory duty to protect the public and the local community. To do this it is necessary for us to process your personal information under the lawful basis of public interest and official authority. This means we process your personal information for carrying out tasks that are laid down in law and collectively described as the administration of justice.
The Administration of Justice, includes:
- the prevention and detection of crime
- apprehension and prosecution of offenders
- protecting life and property
- preserving order
- maintenance of law and order
- national security
- defending civil proceedings
- any duty or responsibility of the council arising from common or statute law
Whose personal data do we process for law enforcement purposes
In order to carry out the purposes described above, we may obtain, use and disclose personal information relating to a wide variety of individuals including but not limited to:
- offenders and suspected offenders
- witnesses or reporting persons
- individuals passing information to us
- victims/complainants, both current, past and potential
What type of personal information do we process
In order to carry out our statutory responsibility we will process varying types of personal data, this includes:
- your name and address
- employment details
- financial details
- racial or ethnic origin
- religious or other beliefs of a similar nature
- physical or mental health condition
- sexual life
- offences and alleged offences
- criminal proceedings
- outcomes and sentences
- physical identifiers
- sound and visual images
- criminal Intelligence
- information relating to safety
- incidents and accident details
At this time we do not process any DNA, fingerprints, other genetic samples or facial recognition data for law enforcement purposes.
We will use only the minimum amount of personal information necessary to fulfil a particular purpose or purposes.
Personal information can be information that is held on a computer, in a paper record such as a file or images, but it can also include other types of electronically held information such as CCTV images.
Where we collect personal information from
- Other law enforcement agencies and Local Authorities
- Emergency services such as:
- Fire Service
- National Health Service or Ambulance
- HM Revenue and Customs
- licensing authorities
- legal representatives
- Other prosecuting authorities such as:
- partner agencies involved in crime and disorder strategies
- private sector organisations working with/for us on anti-crime strategies
- voluntary sector organisations
- governmental agencies and departments
- suspected or known perpetrators of offences and relatives
- guardians or other persons associated with the individual
- City Of York Council CCTV systems
- body worn video
- from correspondence sent to us including anonymous reports and concerns
We may also obtain details from the council’s own information systems, this may include ‘general data’ processed for purposes under Part 2 of the Data Protection Act 2018.
How we handle your personal information
We handle personal information according to the requirements of Part 3 of the UK Data Protection Act 2018. Your personal information held on our systems and in our files is secure and is accessed on a need to know basis by our staff, and any data processors working on our behalf.
We will ensure that your personal information is handled fairly and lawfully with appropriate justification. We will only use your information for lawful purposes and in connection with our requirement to prevent crime, bring offenders to justice, and protect the public.
We will strive to ensure that any personal information used by us or on our behalf is of the highest quality in terms of accuracy, relevance, and adequacy and will not be excessive. We will attempt to keep it as up to date as possible and will protect your data from unauthorised access or loss.
We will regularly review your data to ensure it is still required and we have a lawful purpose to continue to retain it. If there is no lawful purpose then your data will be securely destroyed.
Who we share your personal information with
To enable us to meet our statutory duties we may be required to share your data with other organisations that process data for a similar reason or in order to keep people safe.
These organisations include:
- the police and other law enforcement agencies
- partner agencies working on crime reduction initiatives
- partners in the Criminal Justice arena
- other local authorities
- other bodies or individuals where it is necessary to prevent harm to individuals
Disclosures of personal information are considered on a case-by-case basis, using only the personal information appropriate to a specific purpose and circumstances, and with necessary controls in place.
We will also disclose personal information to other bodies or individuals when required to do so, or under an act of legislation, a rule of law, and by court order. This may include:
- The Police
- Serious Fraud Office
- National Fraud Initiative
How we keep your personal information safe
We take the security of all personal information under our control very seriously. We maintain compliance with the Public Services Network (PSN) Code of Connection.
We ensure that appropriate policy, training, technical and procedural measures are in place.
How long we keep your personal information
We keep your personal information as long as is necessary for the particular purpose or purposes for which it is held.
Your rights relating to personal data
To find out about your rights under data protection law, including in relation to processing for law enforcement purposes, you can go to the Information Commissioners Office (ICO).
If you have any questions about this privacy notice, want to exercise your rights, or if you have a complaint about how your information has been used, please contact us on email:email@example.com, or on telephone: 01904 554145, or write to:
Data Protection Officer
City of York Council