.

Privacy notice for the audit and governance team 

What do we use the information for?

The audit & governance team provides an independent function whose primary objective is to provide assurance to the council on its risk management, control, fraud and governance processes. The requirement for internal audit function is set out in legislation; Section 151 of the Local Government Act 1972. The requirement for an annual governance statement is defined in the Accounts and Audit Regulations 2015.

The team comprises two main functions:

  • internal audit
  • governance and risk management.

 

These functions require us to hold or have access to information from systems and processes across the council so that we can undertake our work and in doing so:

  • fulfil legal requirements to provide an internal audit function
  • investigate referrals made under the corporate whistle blowing policy
  • maintaining the central register of applications for RIPA (Regulation of Investigatory Powers Act 2000) and Regulation of Investigatory Powers (Communications Data)(Amendment) Order 2015
  • ensure the effectiveness of governance processes
  • facilitate the prevention, deterrence and detection of fraud committed against East Riding of Yorkshire Council
  • coordinate the corporate approach to risk, to facilitate its effective management within the council
  • investigate potential irregularities.

 

What information do we hold and use?

The team will have access to information held by service areas in order to be able to undertake their work; this may include the following types of data:

  • personal, for example name, date of birth, address, sex and marital status
  • employment information, for example national insurance number, details of employer, salary details, employment dates, next of kin, sickness records
  • financial details, for example bank and/or building society account information including transactions & balances, mortgage accounts, insurance policies, pension information, credit history
  • health information gathered to assess eligibility for benefits
  • financial information regarding appraisal of financial standing of potential contractors
  • written statements and recordings of interviews conducted 
  • other information gathered during the course of an investigation or proactive exercise.

 

On what grounds do we use the information?

The audit and governance team has a duty to protect the public purse. The following acts and regulations provide the basis on which the officers of the section operate:

  • Section 151 of the Local Government Act 1972 requires that authorities ‘make arrangements for the proper administration of their financial affairs’
  • The Accounts and Audit Regulations 2015 require that ”a relevant body must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance. Any officer or member of that body must, if the body requires:

    a) make available such documents and records (including those in electronic form); and
    b) supply such information and explanation.

    as are considered necessary by those conducting the internal audit”.

  • The Police and Criminal Evidence Act 1984
  • Criminal Procedure and Investigations Act 1996 
  • Local Government Finance Act 1992.

 

How do we collect this information?

Information is collected in a number of ways. This includes:

  • during the course of internal audit and governance reviews of council-provided services and of services provided to the council.
  • in conducting an investigation, the investigator will pursue all reasonable lines of inquiry, whether these point towards or away from the suspect so each case will depend on the particular circumstances. Personal information is gathered from numerous sources such as council records, external organisations, third parties, witnesses and the suspect themselves.

 

Who do we share your information with?

We may share elements of information with other internal council services to enable the establishment of the effectiveness or otherwise of corporate systems and processes.

During the course of an investigation data may be shared with other council departments such as human resources; with government departments and organisations such as the police, Her Majesty’s Revenues and Customs, the department for work and pensions, the National Health Service, and the border agency etc.

Information may be shared with legal practitioners, tribunals and courts where criminal or civil action is taken against an individual.

How long do we store it and is it secure?

The section has retention schedules in place that ensure information is only held for as long as it is needed. For information on how long information is held, visit the retention explained page.

The council’s IT security and confidentiality policies ensure that your information is protected, and available only to staff directly involved in your care. Details of how we keep your information secure are available on the general privacy information page.

What rights do you have?

The rights that you have depend upon the grounds upon which we collected your information. All of the rights you could have are outlined on the data protection rights page. For those children and young people involved with specialist services the following rights apply:

  • The right of access - You are entitled to see the information we hold about you and can request a copy by emailing: data.protection@eastriding.gcsx.gov.uk 
  • The right to rectification - If you believe any information we hold about you to be incorrect, please email: technical.team@eastriding.gcsx.gov.uk and we will amend the information accordingly. 
  • The right to erasure/right to be forgotten - By providing a service to you under a statutory duty means that you can not request that your information is erased and/or forgotten. 
  • The right to restrict processing - Should you wish us to limit how we use your data please email: technical.team@eastriding.gcsx.gov.uk with the reason for your request. 
  • The right to data portability – Data will be provided in the event that it is required by another organisation for example through a transfer of services.  
  • The right to object - In addition to the right to limit the use of your data, you also have a right to object to the use of your data for certain actions.

Where can I find out more?

If you want to know more about how the council uses information, your rights or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. 

Contact details are available on the general privacy information page. 

Alternatively, you can contact the Information Commissioner’s Office.