Public health privacy statement


This statement should be read in addition to the Council’s Global Privacy Notice, and gives more details about how personal data and information collected is used to improve the public's health.

All upper tier local authorities, including Southampton City Council, are now formally responsible for public health. Public health means services to help people to stay healthy and avoid getting ill. This includes a whole range of policy areas - everything from preventing substance misuse to reducing obesity and managing immunisation.

In order to improve the health of the population we serve, we use data and information from a range of sources, including hospitals, births and death information, commissioned services’ performance data, and public surveys.

The information enables us to understand more about the nature and causes of disease and ill-health in the area by measuring the health, mortality and care needs of the population and how we live. This enables us to plan and evaluate services to monitor health and ensure the services are effective and working for the benefit of the population by improving or protecting public health.

How your data is used

We can use data for insight purposes to allow us to analyse patterns and trends of lifestyle behaviours and service usage, or for service and financial planning, to help us create policy and strategies and inform decision making.

This data may be personal (including information such as your NHS number, postcode, date of birth), anonymised (does not include person identifiable information) or pseudonymised. Pseudonymising data means replacing personally identifiable information such as your NHS number with an alternative ‘identifier’ such as a random reference number so that individuals can't be identified.

We hold the following data collections that contain various different types of data about individuals and populations:

  1. Hospital Episode Statistics (HES) – We hold pseudonymised records about health care and treatment you may have received in any English hospital in the form of Hospital Episode Statistics (HES). This includes inpatient and day case admissions, outpatient appointments and Accident and Emergency attendances. This data is supplied by NHS England (previously NHS Digital) to us under a data sharing agreement. We do not hold identifiable hospital data.

  2. Mortality data – Primary Care Mortality data set data is supplied to us by NHS England and includes information on date of birth, date of death, the cause of death, place and postcode of death, usual address and postcode of the deceased, their NHS number and maiden name, the name of the certifier, GP practice and name of coroner (where relevant). Our access to the data is limited to residents of Southampton, deaths occurring in Southampton and those patients registered with NHS Hampshire, Southampton and Isle of Wight Sub-ICB (Integrated Care Board) Location. This data is only supplied to us by NHS England under a data sharing agreement and data disclosure controls.

  3. Civil Registrations – Births data – This dataset provides us with access to identifiable data about the number of births that occur within our geographical boundary as an Upper Tier Local Authority and NHS Hampshire, Southampton and Isle of Wight Sub-ICB Location. It includes the usual address of residence of the mother, place of birth, postcode of usual residence of the mother, postcode of place of birth of child, NHS number of child and the date of birth of the child. This data is only supplied to us by NHS England under a data sharing agreement and data disclosure controls.

  4. Vital statistics table – This dataset is aggregated together so that it does not identify individuals. It contains data on live and still births, fertility rates, maternity statistics, death registrations and cause of death analysis by our geographical boundaries as an Upper Tier Local Authority and NHS Hampshire, Southampton and Isle of Wight Sub-ICB Location. This data is only supplied to us by NHS England under a data sharing agreement and data disclosure controls.

  5. Cancer incidence data – We hold pseudonymised records about cancer registration data. Our access is limited to residents of Southampton. This includes cancer type, gender, age band at diagnosis, which GP the person is registered at and which neighbourhood (LSOA) the person lives in. This data is supplied by NHS England to us under a data sharing agreement and data disclosure controls. We use this data to understand health needs in the city, which also supports GP practices in their service planning. We do not identify individual patients using this data; it is used at a population level only.

What is the legal basis for the use and flow of Public Health data?

Data is supplied to us by NHS England under section 42 (4) of the Statistics and Registration Service Act 2007, as amended by section 287 of the Health and Social Care Act 2012, and Regulation 3 of the Health Service (Control of Patient Information) Regulations 2002.

The use of your personal data is compliant with the following conditions of the General Data Protection Regulation (GDPR):

  • Article 6(1)(e) of the GDPR – It is necessary for us to process your information so we can carry out our official functions or public tasks
  • Article 9(2)(h) of the GDPR – It is necessary for us to process your personal data for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services.

We rely on these various processing conditions because we believe the processing allows us to discharge our functions under a wide range of legislation, and to support the duty of the Local Authority under Section 12 of the Health and Social Care Act 2012 to take appropriate steps to improve the health of the population, including the duties to:

  • Support Health and Wellbeing Boards under Sections 194 and 206 of the 2012 Act
  • Produce Joint Strategic Needs Assessments (JSNAs) and Joint Health and Wellbeing Strategies (JHWBs) under Sections 192 and 193 of the 2012 Act
  • Commission specific public health services under the Local Authorities Regulations 2013 to plan and provide NHS Health Check assessments, the National Child Measurement Programme, and open access sexual health services
  • Provide public health advice to NHS commissioners under the 2013 Regulations
  • Publish an annual public health report under Section 31 of the 2012 Act
  • Provide a public health response to licensing applications under Section 30 of the 2012 Act (as the responsible authority under the Licensing Act 2003)

Under this lawful basis, we do not require your consent to process this information, though you have the right to object (see further below). We are, however, required, through this privacy notice, to ensure that you are fully informed of why we are collecting this information and what we will do with it.

Please also note that no automated decision making (decisions taken without a person involved) occurs for any parts of these procedures controlled by SCC and we do not use profiling to deliver our service to you.

Keeping information safe and secure

All information is collected, stored and shared in accordance with data protection legislation. Information is held and transferred securely and only made available to authorised professionals for the purpose of carrying out their work. All staff are trained in data protection and comply with the Council’s information security, confidentiality, and safe information handling policies and procedures.

In order to use public health data appropriately and safely we:

  • Store the data on our IT network at a location that is restricted to those staff who have signed the appropriate NHS England data access agreements
  • Restrict access to data, whose source is identifiable, to those staff who have been nominated as data processors for the births and deaths data
  • Remove the identity from any data used for secondary analysis (referred to as 'de-identified' data)

Publication of the outcome of secondary analysis is limited to permitted purposes and is restricted to the aggregate results of that analysis in line with our Data Access Agreement and the Office of National Statistics Disclosure Guidance.

We only keep information for as long as is necessary and in accordance with the law and the Council’s records retention schedule.

Sharing information

Public Health information may be shared with our partners or service providers, such as government bodies, the Police, health and social care organisations, and educational establishments. We will only share your personal information when we are permitted to or are required to by law or we have your consent to do so, as required by the data protection legislation. We don't send your data abroad.

Opting out of the use of your information

You have the right to opt out of Southampton City Council Public Health receiving or holding your personal identifiable information. There are occasions where service providers will have a legal duty to share information, for example for safeguarding or criminal issues. The process for opting out will depend on what the specific data is and what programme it relates to.

You can choose not to have information about you shared or used for any purpose beyond providing your own treatment or care. Simply contact your GP for further information about registering an opt-out or to end an opt-out you have already registered. The NHS Choices website explains how your personal information is held, accessed and shared with organisations, such as Southampton City Council.

If you would like further information about opting out of the use of your information, please contact

Accessing your information or further queries

If you would like to see the information that is held about you, you can make a request for this. If you would like further information or have any concerns about any of the details in this notice, please contact

The Council’s Data Protection Officer, whose contact details are available on the Global Privacy Policy, can also be contacted if you have a query or complaint about the use of your information.

Further information and independent advice can be found on the Information Commissioner's website.