Forum Home → Discussion → Covid-19 issues → Thread
Using sheilding data for benefits take-up.
Anybody out there (presumably in an LA) doing any work on benefit take-up using their LA list of people shielding?
Interested in any issues or barriers you’ve faced as well as the work you’re doing. The opportunities with older, vulnerable people seem obvious but is there something we’re missing?
It’s been discussed among our team, Mike, but we have nothing up and running as yet. However, watch this space, as it is potentially a good way to identify those who may benefit from our involvement, in other areas (e.g tenancy support/aids and adaptations), as well as benefit take-up.
Been a suggestion at our end that GDPR scuppers it as the data was obtained for health purposes. Not seeing it. Wondering if anyone has encountered the argument. Have had it before with CT data and the DPA. Arguable there but here I can’t see that there’s an issue. How is maximising someone’s income and addressing debt issues not a health/wellbeing issue right now?!
There are plenty of allowances within GDPR to share data for these purposes, and the ICO has specifically said that it would take a more lenient approach to these rules under the current circumstances.
More often than not I find that it is internal procedures towards data protection (often rooted in misunderstandings of GDPR) that stand in the way.
So far that argument hasn’t been raised, but I can see how it might be an issue. We are, or course, not necessarily reliant on LA data, however, as we gather information about our tenants in a number of ways (Pre-Tenancy Interviews/long term interaction with tenants, etc)..
There are plenty of allowances within GDPR to share data for these purposes, and the ICO has specifically said that it would take a more lenient approach to these rules under the current circumstances.
More often than not I find that it is internal procedures towards data protection (often rooted in misunderstandings of GDPR) that stand in the way.
I’ve had this experience before and we’ve been able to overcome it.
It’s pretty much the stuff you used to get with DWP. “I can’t talk to you. Data Protection.”. My response was always to ask for a citation on which bit of the DPA was the issue. They always back off immediately.
However, I think you’ve nailed something for me here that I’d forgotten about i.e. the ICO and leniency. I shall find myself a link to that and pursue the issue.
Thanks.
So on the one hand we’re being told that all shielding data communication included the following:
“URGENT: You are about to receive highly sensitive NHS patient data which must not be shared
Data sharing
This data is not to be used for any other purpose or shared externally for any reason except your contacting patients directly.”
On the other hand, https://www.local.gov.uk/sites/default/files/documents/SHIELDING%20GUIDANCE%20AND%20FAQS%20COMBINED%20-%2024%20APRIL%202020.pdf which in the data sharing section said:
“Sharing of Shielding data locally is down to councils to determine when meeting vulnerable person support needs in their area. • Shared data should have a clear purpose to support individuals who are Shielding - and it must be proportionate”
The suggestion has been that the latter is in reference to sharing internally only.
I can’t imagine anything more supportive than sharing for the wellbeing of people with no income.
Are we missing something? Way forward?
Well… This kind of data sharing is routinely accomplished via backchannels, which I’m sure you’re familiar with. As long as ‘you’ know you are operating within GDPR/ICO guidelines, and in the clients’ best interest, I don’t think there are negative repercussions for your own organisation’s sake.
I’ve come across issues in this area in the past, and have even discussed it with the ICO. Emphasising that you are confident in the ethics of your approach - which is embedded in the functions and design of GDPR. Client’s best interest is primary.
But, that generally only covers individuals. In order to scale this up, I don’t really see any other route than establishing a partnership/project with the relevant authorities for this purpose - Either spend time and effort convincing them, or establish your organisation as a trusted partner for data sharing etc.
If the LA wanted to make doubly sure (which I don’t think is necessary), I’m sure they could design a function that sends texts/letters to clients that confirms they may be contacted by a third party for this limited purpose - If I understand correctly what you want to achieve, there isn’t even a need to share sensitive/protected data before a mandate can be signed. A simple ‘Mr X, which you can reach on 07XXX, could benefit from contact’, should do the trick.