Personal information charter
Find out more about the personal information PHE collects, uses and sometimes shares to do its job, along with how this is protected and your rights.
Our personal information charter contains the standards you can expect when we use your personal information.
Your privacy
We use personal information to carry out our remit from the government to protect and improve the nation’s health and wellbeing, and reduce health inequalities. Our 4 main purposes for using personal information are to:
- fulfil the Secretary of State for Health and Social Care’s duty to protect public health
- fulfil the Secretary of State’s duties to improve public health and reduce health inequalities
- improve population health by supporting sustainable health and care services
- ensure the public health system maintains the capability and capacity to tackle current and emerging public health challenges
An example of how we help protect the nation’s health is diagnosing and controlling cases and outbreaks of infectious disease and other risks to public health. For this we use information such as laboratory test reports to identify cases of diseases such as tuberculosis. We then sometimes need to contact patients to understand how they become infected and to identify anyone they have been in close contact with to provide them with public health advice to stop the disease from spreading further.
To protect public health we also use personal information to recognise trends, monitor and manage infectious diseases to help prevent them from spreading.
An example of how we improve the nation’s health is the national cancer register. We collect personal information on patients referred to hospitals for the diagnosis and treatment of cancer. We then collect information to monitor the treatments these patients receive and their outcomes. This information is used to monitor the numbers and trends in cancer cases and to help plan and administer cancer diagnosis and treatment services.
We know how important it is to protect your privacy. If we ask for your personal information we will:
- only ask for what we need
- let you know why we need it
- make sure nobody has access to it who should not
- let you know if we share it with other organisations to give you better public services, and whether you can say no
- only keep it for as long as we need to
- not make it available for commercial use (such as marketing) without your permission
If we use your personal information, we will also:
- only use this information as the law allows
- only use the minimum necessary personal information
- carefully protect this information at all times
- provide training to staff who need to use personal information to do their job
- only share this information as the law allows
- respond appropriately if personal information is not used or protected properly
Our general privacy notice explains the personal information we use to fulfil our remit.
We also provide a specific notice explaining the personal information we use to support national and local action to control and prevent the spread of coronavirus (COVID-19).
How to find out what personal information we hold about you and if we use it
You can find out if we hold any personal information about you.
To help us give you the information you want, we need you to tell us which part of Public Health England (PHE) you have been dealing with and why you believe we hold information on you.
If we do hold your personal information, we will:
- provide you with a copy of your information
- tell you why we are holding it
- tell you how long we will hold it
- tell you who it may be shared with
Email us at FOI@phe.gov.uk if you want to find out if we hold any personal information about you.
Alternatively, write to us at:
Public Accountability Unit
Public Health England
7th Floor North, Wellington House
133-155 Waterloo Road
London SE1 8UG
We will acknowledge your request within 3 working days and let you have a full response within 20 working days. If it is not possible to respond fully within this timescale, we will write and let you know why and say when you should receive a full response.
When we share information
We may share personal information within PHE or with other organisations where we are required or permitted to do so by law.
There may be limited circumstances where we share your information with others without telling you but this would only be where the law requires it, for example, crime prevention and detection purposes.
How we handle personal information
Our staff use personal information under medical supervision and are trained to treat this in the strictest confidence, in compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018, the National Data Guardian’s data security standards, and the NHS Caldicott principles. Our staff have the same duty as other healthcare professionals to maintain confidentiality. Any deliberate or negligent breaches of this policy are disciplinary offences.
We usually remove as soon as we can any details such as names and addresses that could identify an individual from the personal information we hold, although sometimes this isn’t possible. Examples include where long-term follow up is needed, or the law or professional guidance requires us to keep the personal information.
To fulfil our remit to protect and improve public health and reduce health inequalities, the law on data protection allows us to use personal information because we have official authority to do this in the public interest. As information about people’s health is a special type of data, the law also allows us to use personal information to provide health treatment, manage health and care systems, and to protect the public from threats to health.
Sometimes we need to use confidential information without asking patients for their consent. An example is where we need to act quickly to stop infectious diseases from spreading. We have special permission from the Secretary of State to do this – this is known as ‘Section 251’ approval.
Training and guidance we give to our staff
We train all our staff about protecting personal information and confidentiality and have processes in place to ensure that personal information is protected at all times.
How to report a concern
If you are concerned about with the way we have used your personal information, you can contact our Data Protection Officer. Either email dataprotectionofficer@phe.gov.uk or write to:
Public Accountability Unit
Public Health England
7th Floor North, Wellington House
133-155 Waterloo Road
London SE1 8UG
You also have the right to report any concerns about the way we use and protect your personal information to the Information Commissioner’s Office (ICO).
Contact the ICO by calling 0303 123 1113, visiting www.ico.org.uk or writing to:
Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF