Personal information charter

Find out more about the personal information PHE collects, uses and sometimes shares to do its job, along with how this is protected and your rights.

Our personal information charter contains the standards you can expect when we use your personal information.

Your privacy

We use personal information – also called personally identifiable data – to provide individual care to patients. An example is managing cases of infectious diseases such as tuberculosis to stop them spreading. We also use personal information to improve health, care and services through research and planning. An example is our national disease registers, which provide information on what works to improve the treatment and care of people with cancer and rare diseases.

We know how important it is to protect your privacy. If we ask for your personal information we will:

  • only ask for what we need
  • let you know why we need it
  • make sure nobody has access to it who shouldn’t
  • let you know if we share it with other organisations to give you better public services, and whether you can say no
  • only keep it for as long as we need to
  • not make it available for commercial use (such as marketing) without your permission

If we use your personal information, we will also:

  • only use this information as the law allows
  • carefully protect this information at all times
  • provide training to staff who need to use personal information to do their job
  • only share this information as the law allows
  • respond appropriately if personal information is not used or protected properly

How to find out what personal information we hold about you and if we use it

You can find out if we hold any personal information about you.

To help us give you the information you want, we need you to tell us which part of Public Health England (PHE) you have been dealing with and why you believe we hold information on you.

If we do hold your personal information, we will:

  • provide you with a copy of your information
  • tell you why we are holding it
  • tell you how long we will hold it
  • tell you who it may be shared with

Email us at FOI@phe.gov.uk if you want to find out if we hold any personal information about you.

Alternatively, write to us at:

Public Accountability Unit
Public Health England
7th Floor North, Wellington House
133-155 Waterloo Road
London SE1 8UG

We will acknowledge your request within 3 working days and let you have a full response within 20 working days. If it is not possible to respond fully within this timescale, we will write and let you know why and say when you should receive a full response.

When we share information

We may share personal information within PHE or with other organisations where we are required or permitted to do so by law.

There may be limited circumstances where we share your information with others without telling you but this would only be where the law requires it, for example, crime prevention and detection purposes.

How we handle personal information

Our staff use personal information under medical supervision and are trained to treat this in the strictest confidence, in compliance with the General Data Protection Regulation (GDPR) and the NHS Caldicott principles. Our staff have the same duty as other healthcare professionals to maintain confidentiality. Any deliberate or negligent breaches of this policy are disciplinary offences.

We usually remove as soon as we can any details such as names and addresses that could identify an individual from the personal information we hold, although sometimes this isn’t possible. Examples include where long-term follow up is needed, or the law or professional guidance requires us to keep the personal information.

PHE has been given responsibility by the Secretary of State for Health and Social Care to act to protect and improve the nation’s health, and reduce health inequalities.

To do this, the law on data protection allows us to use personal information because we have official authority to do this in the public interest. As information about people’s health is a special type of data, the law also allows us to use personal information to provide health treatment, manage health and care systems, and to protect the public from threats to health.

Sometimes we need to use confidential information without asking patients for their consent. An example is where we need to act quickly to stop infectious diseases from spreading. We have special permission from the Secretary of State to do this – this is known as ‘Section 251’ approval.

Training and guidance we give to our staff

We train all our staff about protecting personal information and confidentiality and have processes in place to ensure that personal information is protected at all times.

How to report a concern

If you are concerned about with the way we have used your personal information, you can contact our Data Protection Officer. Either email dataprotectionofficer@phe.gov.uk or write to:

Public Accountability Unit
Public Health England
7th Floor North, Wellington House
133-155 Waterloo Road
London SE1 8UG

You also have the right to report any concerns about the way we use and protect your personal information to the Information Commissioner’s Office (ICO).

Contact the ICO by calling 0303 123 1113, emailing casework@ico.org.uk or writing to:

Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF