Privacy notice for the financial planning and reporting team

What do we use the information for?

The section consists of two teams: 

• financial Planning and Reporting
  
• fraud. 

The Financial Planning and Reporting (FPR) team provides a range of corporate financial services to the council and external clients, including financial strategy and policy development, financial planning, treasury management, and financial reporting. 

The fraud team is responsible for the prevention, deterrence and detection of fraud committed against East Riding of Yorkshire Council. 

The section holds information about individuals so that it can carry out effective financial management or to investigate whether fraud and other offences has occurred. This includes: 

• processing payments to employees, external individuals and organisations
  
• recording transactions on the ledger
  
• properly accounting for expenditure and income
  
• preparing the council’s statutory statement of accounts
  
• budget setting and budget monitoring
  
• preparation of financial plans and policy setting
• providing financial management information
• providing financial analysis and advice to internal and external customers 
  
• management of trust funds
  
• preparation, checking and submission of grant claims and returns
  
• assessment of discretionary discounts for council tax and business rates
  
• information about individuals, companies and organisations that are under investigation, to determine whether fraud, and other offences, has occurred.  

What information do we hold and use?

The section collects and processes the following types of personal data: 

• personal, for example name, date of birth, address, sex and marital status. Some personal details may also be retained when individuals use these for business purposes 
  
• employment information, for example, employer, payroll number, salary, national insurance and pension details, employment dates, next of kin, sickness records
  
• financial details, for example, bank/building society account information, mortgage accounts, insurance policies, pension information, credit history
  
• health information gathered to assess eligibility for benefits
  
• written statements and recordings of interviews conducted
  
• other information gathered during the course of an investigation or proactive excercise
  
• email addresses
  
• council tax account details
  
• business rate account details
  
• housing benefit account details
• housing rent account details
• debtor account details.

On what grounds do we use the information?

Section 151 of the Local Government Act 1972 requires local authorities to make arrangements for the proper administration of their financial affairs. The CIPFA Statement on the role of the Chief Financial Officer (CFO) in Local Government describes the role and responsibilities of the CFO including responsibility for the finance function. The CFO and the FPR team need to access individuals’ information as required in order to carry out the role.

The fraud team have a duty to protect the public purse. Officers are authorised and trained to conduct investigations that comply with:

• The Police and Criminal Evidence Act 1984
  
• Criminal Procedure and Investigations Act 1996 
  
• The Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013
  
• Prevention of Social Housing Fraud Act 2013
  
• Local Government Finance Act 1992. 

How do we collect this information?

The FPR team may access personal data from council systems, for example council tax systems and the payroll/HR system. Responsibility for the data within these systems rests with the relevant service. However, where individuals’ data is downloaded and processed within the FPR team, responsibility for this information is within the section. Personal data, e.g. bank details may also be collected directly from the individual where required.

In conducting an investigation, the fraud team will pursue all reasonable lines of inquiry, whether these point towards or away from the suspect. What is reasonable in each case will depend on the particular circumstances. Personal information is gathered from numerous sources such as council records, external organisations, third parties, witnesses and the suspect themselves. 

Who do we share your information with?

The FPR team procures systems from various suppliers to support its financial management role. The following providers may have access to your information purely for the purposes of supporting our systems; they will not use your information for any other purpose. 

• INFOR UK Ltd
  
• Technology One UK Ltd
  
• NatWest Client Monies Services 
  
• Charity Trustees.

The FPR Team may share or disclose your information to any of the following recipients as may be necessary for the financial administration of the authority in line with statutory obligations and/or to comply with contractual obligations relating to it:

• service providers, professional advisers and auditors who in certain circumstances will also be “data controllers”
  
• regulators, the government and law enforcement authorities
  
• Her Majesty’s Revenue and Customs
  
• local and foreign courts, tribunals and arbitrators, other judicial committees of enactments of laws. 

The fraud team procures the services of various providers to assist and manage investigations. The following providers may have access to your information purely for the purposes of supporting our investigation work; they will not use your information for any other purpose. 

• INTEC For Business Ltd
  
• Callcredit Public Sector Limited. 

The fraud team are a member of the National Anti Fraud Network (NAFN) which acts as an intelligence gatherer for local authorities and other public sector organisations. NAFN has access to information for the purposes of supporting our investigation and to prevent, deter and detect fraud in other organisations.

Personal data is shared with the cabinet office which undertakes various proactive exercises through the National Fraud Initiative (NFI) to identify fraud and error.  Where fraud or error is suspected, data may be shared with other public sector organisations to enable that matter to be investigated.

In order to ensure that an individual receives their correct entitlement to benefits, relevant information is shared with other departments within East Riding of Yorkshire Council and other local authorities.

During the course of an investigation, data may be shared with government departments and organisations such as the police, Her Majesty’s Revenues and Customs, the Department for Works and Pensions, the National Health Service, and the Border Agency, etc.

Information may be shared with legal practitioners, tribunals and courts where criminal or civil action is taken against an individual.

How long do we store it and is it secure?

The section has retention schedules in place that ensure information is only held for as long as it is needed. For information on how long information is held, visit the privacy information page.

What rights do you have?

Under GDPR individuals have the right to control the information held about them and how it is used. The rights that you have depend upon the grounds upon which your information is collected. All of the rights you could have are outlined on the data protection rights page. 

• The right of access - You are entitled to see the information we hold about you and can request a copy by emailing: data.protection@eastriding.gcsx.gov.uk 
  
• The right to rectification - If you believe any information we hold about you to be incorrect, please email: technical.team@eastriding.gcsx.gov.uk and we will amend the information accordingly. 
  
• The right to erasure/right to be forgotten - The section will delete a record unless required to retain by statute.  
• The right to restrict processing - Should you wish us to limit how we use your data please email: technical.team@eastriding.gcsx.gov.uk with the reason for your request. 
  
• The right to data portability – Data will be provided in the event that it is required by another organisation for example through a transfer of services.  
• The right to object - In addition to the right to limit the use of your data, you also have a right to object to the use of your data for certain actions.

Where can I find out more?

If you want to know more about how the council uses information, your rights or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance.

Contact details are available on the general privacy information page. 

Alternatively, you can contact the Information Commissioner’s Office.