Guidance

Better Outcomes through Linked Data (BOLD): Privacy Notice

Updated 16 April 2024

Applies to England and Wales

Introduction

The programme will use strictly pseudonymised data from the Ministry of Justice, Department of Health and Social Care, the Department of Levelling Up, Housing and Communities, Public Heath Wales and the Welsh Government in order to show how linking it can improve the support provided for those with complex needs. Our partnership and programme builds on learning from other initiatives such as Administrative Data Research (ADR) UK. BOLD will run until the end of 2024 and its findings used to deliver changes to how government supports those in need.

The Better Outcomes from Linked Data (BOLD) programme is seeking to link data sets across the public sector, including local authorities, health agencies and central government. The goal of BOLD is to enable better, joined-up, services to support and protect adults with complex needs in their interactions with multiple government-funded services. BOLD is funded by HM Treasury’s Shared Outcomes Fund as an innovative project of new ways of working between government departments. BOLD aims to set a precedent for legal pathways and infrastructure to facilitate wider data linkage across multiple government departments. In this way we can make better use of existing information to support better service delivery.

The purpose of BOLD is to securely connect data held for:

1. Ministry of Justice (MoJ)
2. Department for Health & Social Care (DHSC)
3. Department for Levelling Up, Housing & Communities (DLUHC)
4. Welsh Government/Public Health Wales (PHW)

The data sharing being undertaken through BOLD will primarily consist of data held by the partner departments above and may also seek to share data held by, but not limited to, Department for Education (DfE), Department for Work and Pensions (DWP) and His Majesty’s Revenue and Customs (HMRC) so that policy-makers and those working in UK public services will have better quality evidence about how services delivered by one part of government impact on outcomes in another. This will help front-line workers provide better and more targeted support for these vulnerable individuals, demonstrating the immense social benefit of data linking.

BOLD will focus on four main demonstrator pilots:

1. Supporting victims of crime
2. Reducing homelessness & rough sleeping
3. Combating substance misuse
4. Reducing reoffending

The type of personal information we process

We currently process the following information:

• Demographic details - name (initials and surname), postcode sector, date of birth, age, previous names, information relating to ethnicity, National Insurance number, local authority code
• Health information - physical / mental health condition/s, drug and alcohol treatment
• Crimes committed - by an individual, criminal proceedings, outcomes and sentences, probation activity
• Selected data on victims of rape and sexual abuse – support services interacted with, interactions with police and courts
• Selected data from HMRC relating to receipt of Child Benefit

Data linking

Data relating to the same person is linked by using identifiers, such as names, date of birth and addresses, that are held in the source data. This information will not be shared with researchers and will be replaced in the data linking process by a reference number (one that has been generated for these datasets and is not used in any existing operational systems). Other identifiers used within the justice system, such as case IDs, will also be replaced or removed .

Considering risks and sensitivities

MoJ recognises the risks associated with sharing data. As well as only allowing researchers to access data after identifiers have been removed, there are rigorous safeguards in place to ensure data cannot be accessed by any unauthorised persons, or for any reason other than approved research projects. Information classed as ‘special category’ data under GDPR are sensitive, as is information about criminal histories. MoJ recognises the risk of this information being disclosed and requires additional justifications for processing and sharing this data, in line with GDPR.

In line with legislation

MoJ is permitted to process data supplied by the police, the Crown Prosecution Service (CPS), courts and prisons by virtue of its common law powers for the administration of justice.

Personal Information will only be shared where there is a legal basis under UK GDPR. Where the data shared is Confidential Patient Information as defined in section 251 of the National Health Service Act 2006 the common law duty of confidentiality (CLDC) will also apply and a legal basis for sharing must be found in addition to the requirements of the UKGDPR. This could be:

• The individual consents to the use of their own data

• There is an overriding public interest in sharing the data

• Where there is a legal requirement to share
• Where there is a legal power to share which explicitly sets aside the CLDC

Any and all data in scope for BOLD will be required to go through several levels of clearance.

• Data Protection Impact Assessments (DPIAs) are required for each individual data share or when processing data, in order to identify and assess risks to privacy and ensure appropriate protections are in place to minimise them. These require the approval of the data protection teams in all departments
• Information classed as ‘special category’ data under GDPR or as confidential patient information under section 251 of the National Health Service Act 2006, are especially sensitive, as is information about criminal histories. BOLD and its partner departments recognise the risk of this information being disclosed requires additional justifications for processing and sharing this data.
• Data sharing involving health and social care data is required to robustly demonstrate adherence to the Eight Caldicott Principles, which set out the safeguards required for sharing this kind of information. This requires sign-off by a ‘Caldicott Guardian’ in order for any data sharing to take place

• Any data held by NHS Digital will be required to be approved by the Independent Group Advising on the Release of Data (IGARD), which will hold BOLD to the highest standards of stewardship and governance of data

• Data shared between organisations is governed by a Data Sharing Agreement (DSA). This establishes a framework for appropriate processing, including the contents and duration of the share, permitted uses of the data, the legal basis and justification for processing, and the protections in place throughout its lifecycle.

How we ensure data is fully and robustly pseudonymised

Pseudonymising data is a way of processing of personal data that the data can no longer be attributed to a specific individual without the use of additional information. This additional information is kept separately and under strict measures to ensure that this data cannot be identifiable. It is within the scope of data protection law, and the data will not be used in a way to identify any individual. Further information on pseudonymisation can be found on the Information Commissioner’s Office website linked here.

BOLD follows national best practice guidance via the UK Anonymisation Network’s (UKAN) Anonymisation Decision Framework.

Personal information handled through BOLD will, in all but one case, only be made available to a small number of technical data linkers, with the right level of security clearance.

In order to link records together, they will only be able to see identifiable information required for linkage such as name, date of birth and address. Information not required for the purposes of linking will not be visible to data linkers. Personally identifiable information will not be shared with researchers and will be replaced in the data by a new following identifier (one that has been generated for these datasets and is not used in any existing operational systems). Other identifiers, such as case IDs, will also be replaced.

There is one exception to this rule, which involves the use of data on offenders in order to support management of offenders on probation serving their sentences in the community. In this one particular case, information about offenders will be accessible to their probation officers to support managing their case. In all other cases, only pseudonymised data will be used to inform national level policy development and research, with no decisions taken about individuals, and no automated decision-making happening as a result.

For permitted research purposes

Provisions for using data collected in the course of the department’s operations for research and statistical purposes are set out in the MoJ Personal Information Charter.

Data Sharing Agreements (DSAs) between government departments specify the permitted uses of the data as well as the safeguards in place. These stipulate that datasets shared under BOLD are accessible for approved research projects only.

The MoJ ethics advisory group and external ethicists will be consulted as the programme develops to ensure that it, and the research projects that it enables, are ethically sound. This will include the consideration of the impact on data subjects and their data protection.

How we store your personal information

Personal data will be processed for the duration of the BOLD programme. Some processing of personal data will be completed using the MoJ Analytical Platform (AP) keeping personal data secure with only approved users having access, stored in a secure and well-engineered environment using the latest technologies to keep the data safe. Healthcare data will be stored in a secure environment within the Department of Health & Social Care (DHSC), and at no point will ever leave the healthcare system.

All data is stored in a setting that is compliant with the HMG Security Policy Framework.

Personal data will be retained in line with MoJ policy and will be pseudonymised or anonymised where possible to minimise the risk to individuals.

Data will be retained on the AP in line with the AP retention schedule.

Sharing with other government departments and agencies

Data shared between the MoJ and other government departments is governed by a Data Sharing Agreement (DSA). This establishes a framework for appropriate processing, including the contents and duration of the share, permitted uses of the data, the legal basis and justification for processing, and the protections in place throughout its lifecycle.

A Data Protection Impact Assessment (DPIA) will be completed prior to data sharing, to identify and assess risks to individuals’ privacy and ensure appropriate protections are in place to minimise them. As the share evolves, so too will the details in the DPIA and DSA report.

For data linking to take place, personal identifiers (such as name, address and date of birth) are transferred between departments. Access to this information is strictly limited to those who need it in order to carry out the linking process. These identifiers are transferred separately from all other information about individuals and deleted immediately following linking, to minimise the risk of identification. New, meaningless IDs assigned to individuals throughout linkage are the only IDs provided for use in analysis. Only the minimum of information (both fields and coverage) justified for sharing is supplied. All data are transferred using an agreed mechanism and stored in a setting that is compliant with the HMG Security Policy Framework.

What is definitely out of scope:

• We will not at any time or for any purpose analyse health and social care data that has not been pseudonymised. Any use of health and social care data will be for the purposes of research, and will be examining trends across large samples of people, rather than investigating specific cases
• No data will be shared, at any time, or for any reason, for commercial purposes. The purpose of BOLD is solely to improve public services through evidence. BOLD will not share data with commercial organisations.
• We will not use health and social care data for any decisions taken about individuals – only for the purposes of supporting national level policy development and research

How to exercise your rights

Request personal information from the Ministry of Justice

To exercise any of your information access rights, that are not a request for a copy of your personal information from the Ministry of Justice, send your request:

Email: dataprotection@justice.gov.uk

By post:

Data Privacy Team
Ministry of Justice
3rd Floor, Post Point 3.20
10 South Colonnade
Canary Wharf
London
E14 4PU

Questions or complaints

Contact the MoJ Data Protection Officer if you:

• have questions about anything in our information charter
• think that your personal data has been misused or mishandled

Email: dataprotection@justice.gov.uk

By post:

The Data Protection Officer
Ministry of Justice
3rd Floor, Post Point 3.20
10 South Colonnade
Canary Wharf
London
E14 4PU

The Information Commissioner’s Office (ICO) address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Reviewing the information

This privacy statement and our data protection processes will be updated to reflect any relevant changes.

Other relevant information

Other relevant privacy notices:

• NDTMS Privacy Notice
• National Probation Service Privacy Notice
• HMPPS Personal Information Charter
• NHSE and NHSI Privacy Notice
• SAIL Privacy Notice
• Homelessness Research Privacy Notice
• MoJ Information Charter
• SERICC/SOSRC Privacy Notice
• HMRC Privacy Notice
• ONS Privacy Notice