Skip to main content
Department of Health Department of Health An Roinn Sláinte Männystrie O Pouste

Main navigation

  • Home
  • Topics
  • Publications
  • Consultations
  • Contact

Translation help

Translate this page

Select a language

  • Arabic — عربي
  • Chinese (Simplified) — 中文简体
  • Chinese (Traditional) — 中文繁體
  • Dutch — Nederlands
  • Filipino — Filipino
  • French — Français
  • German — Deutsch
  • Hungarian — Magyar
  • Irish — Gaeilge
  • Italian — Italiano
  • Latvian — Latviešu
  • Lithuanian — Lietuvių kalba
  • Polish — Polski
  • Portuguese — Português
  • Romanian — Română
  • Russian — Русский
  • Slovak — Slovenčina
  • Spanish — Español
  • Ukrainian — Українська
  • Privacy notice - information and analysis directorate

    Topics:
    • DoH Statistics and Research, 
    • Official statistics and user engagement

    Statistics and research for the department of health are provided by the information and analysis directorate (IAD).

    Contacts

    Data Contoller Name: Department of Health

    Information and Analysis Directorate
    Castle Buildings
    Stormont
    BELFAST BT4 3SQ
    Telephone: 028 9052 0500
    Email: webmaster@health-ni.gov.uk

    Data Protection Officer Name: Charlene McQuillan

    Telephone: 02890522353
    Email: DPO@health-ni-gov.uk

    Who we are

    IAD is responsible for compiling, processing, analysing, interpreting and disseminating a wide range of statistics covering health and social care.

    The statisticians within IAD are outposted from the Northern Ireland Statistics & Research Agency (NISRA) and the statistics are produced in accordance with the pillars and principles set out in the Code of Practice for Statistics.

    Being transparent and providing accessible information to individuals about how we may use personal data is a key element of the Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR). IAD staff recognise the importance of protecting personal and confidential information in all that we do and take care to ensure legal compliance.

    This Privacy Notice gives more specific details on how IAD processes personal data on behalf of the Department.

    Why does IAD process personal information and what is our lawful basis for processing?

    IAD analyses a wide range of health and social care information to provide statistical analysis and advice to ministers, policy makers, and commissioners of services, researchers, academia, special interest groups and the wider public. Data considered “Personal” is used for a number of functions as set out in Appendix 1.

    The GDPR requires a lawful basis for processing personal data and in this case, Article 6(1)(e) applies:

    "Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”

    In the case of special categories of data, Article 9(2)(j) applies:

    “Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes in accordance with Article 89(1).”

    IAD processes information in order to fulfil its legal obligations, as well as obligations in the public interest. Specifically this is under:

    • The Health and Social Care (Reform) act (Northern Ireland) 2009, Section 2(2)

    For more more detailed information on the personal information processed across IAD, please refer to Appendix 1.

    Where do we get personal information from?

    IAD receives personal information from a range of sources, namely:

    • Health and social care (HSC) organisations
    • other statutory bodies
    • staff
    • service users
    • members of the public

    How will we use personal information?

    Datasets compiled by IAD are used as follows:

    • to monitor progress towards outcomes including the publication of official statistics
    • to monitor performance and funding
    • to assist in developing and evaluating policy
    • to identify and assist development of good practice; and
    • to support research

    This may include linking or combining the information with other data, for example IAD link Children in Care data with DE data about the education of the children provided by their schools. This may also include linking the data through secure, anonymised means, with other datasets.

    IAD will only use the identifiable aspects of the data to support the statistical and research processes required for any of the uses set out above, but will never use the identifiable aspects of the data nor process the data in such a way as to:

    • affect any measures or decisions with respect to service users or their families; or
    • identify any individual in any reports

    For further information on how IAD processes personal information, please refer to Appendix 1.

    Sharing personal information

    We may sometimes need to share the personal information we process with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA).

    For further information on the sharing of personal information across IAD, please refer to Appendix 1.

    Retaining Information

    IAD will only retain information for as long as necessary, in line with the Department of Health’s (DoH) approved retention scheduled - Good Management, Good Records (GMGR).

    For further information, please refer to:

    • Good management, good records

    Individual Rights

    The Rights of the individual with respect to GDPR are set out in the DoH Privacy Notice.

    Under the Act, you have rights in relation to the information IAD holds about you. You can request access to the personal information that IAD holds about you by making a subject access request (SAR). However the Act does allow organisations to withhold access to personal data if they are held solely for statistics and research purposes. Details of personal information that IAD holds is set out in Appendix 1.

    • You have the right to obtain confirmation that your data is being processed, and access to your personal data
    • You are entitled to have personal data rectified if it is inaccurate or incomplete
    • You have a right to have personal data erased and to prevent processing, in specific circumstances
    • You have the right to ‘block’ or suppress processing of personal data, in specific circumstances
    • You have the right to data portability, in specific circumstances
    • You have the right to object to the processing, in specific circumstances
    • You have rights in relation to automated decision making and profiling

    Security of personal information

    IAD is committed to taking all reasonable measures to ensure the security of all personal information it holds. The following arrangements are in place:

    • All IAD staff have contractual obligations of confidentiality, enforceable through disciplinary procedures;
    • All IAD statisticians adhere to the Code of Practice for Statistics, which includes data governance principles;
    • Staff are granted access to personal information on a need-to-know basis only;
    • The DOH has appointed a Senior Information Risk Owner (SIRO) who is accountable for the management of all information assets and any associated risks and incidents,
    • The DoH has appointed a Personal Data Guardian (PDG) who is responsible for ensuring confidentiality and security of services user information within the organisation;
    • The DoH has also appointed a Data Protection Officer (DPO), who provides full authoritative advice and recommendations in the field of Data Protection and facilitates compliance with the Accountability requirement of GDPR;
    • All staff are required to undertake information governance training every 2 years. The training provided ensures that staff are aware of their information governance responsibilities and follow best practice guidelines to ensure the necessary safeguards and appropriate use of personal information.

    Transfers

    Personal information held by IAD will not be transferred or stored outside the UK. However if in the unlikely event that any transfers of this information must be made then they will be carried out in full compliance with all aspects of the Data Protection Act.

    How to complain if you are not happy with how we process your personal information

    If you are unhappy with any aspect of this privacy notice, or how your personal information is being processed, please contact the Department’s Data Protection Officer at the address above.

    If you are still not happy, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

    Information Commissioner’s Office
    Wycliffe House
    Water Lane
    Wilmslow
    Cheshire
    SK9 5AF

    Tel: 0303 123 1113

    Email: casework@ico.org.uk

    Website: Information Commissioner's Office

    Changes to our privacy notice

    IAD will keep this privacy notice under regular review and will place any updates on this document. (last Updated May 2018)

    Related content

    • Privacy notice - substance misuse database
    • Privacy notice – health survey
    Share this page Share on Facebook (external link opens in a new window / tab) Share on X (external link opens in a new window / tab) Share by email (external link opens in a new window / tab)

    Department footer links

    • Crown copyright
    • Terms and Conditions
    • Privacy
    • Cookies
    • Accessibility
    • The Northern Ireland Executive
    • The Executive Office
    • Department of Agriculture, Environment and Rural Affairs
    • Department for Communities
    • Department for Education
    • Department for the Economy
    • Department of Finance
    • Department for Infrastructure
    • Department for Health
    • Department of Justice
    • nidirect.gov.uk — the official government website for Northern Ireland citizens