Litigation privacy notice

Find out how Stirling Council uses personal data by checking the Council’s website at the following address:

https://www.stirling.gov.uk/privacy-statement/

Our website contains a Register of Data Processing which lists all the different ways
in which the Council uses personal data.

This Privacy Notice provides more information about just one of those processes.

The Council has a Data Protection Officer to make sure it is complying with data protection laws.

They can be contacted at:

Data Protection Officer
Stirling Council
Old Viewforth
14-20 Pitt Terrace
Stirling
FK8 2ET

Email: dataprotection@stirling.gov.uk
Telephone: 01786 404040

The provision of legal advice to Council services/ officers, the performance of litigation or potential litigation pursuant to both core statutory matters and other contractual/ other obligations or liabilities.

The litigation team within legal services provides advice on and initiates court action in respect of a wide variety of matters.  The majority of these matters will involve the Council fulfilling its statutory functions. However, we can also be involved in advising on employment matters in relation to staff, and at times on more commercial actions which may have been raised by or on behalf of the Council or when an action is raised against the Council or to challenge a decision taken by the Council.  

Instructions will almost always come from within the Council to the legal services team and as such the provision of personal data is primarily shared by a relevant service with legal for the purposes of providing legal advice or legal representation.  

Personal data can be about a variety of people, these could include:

• adult service users of social work services or indeed any adult to whom the Council potentially has a statutory duty to assess/ meet need;
• vulnerable children to whom the local authority has (or potentially has) a duty to safeguard or takes steps/ provide a service to (and the personal data of their wider family);
• Council tenants and those living in a property with Council tenants;
• Council employees;
• Pupils of the Education Authority (and potential pupils);
• Third parties whose information is directly relevant to the circumstances of one of the above parties, and the local authority’s obligation to that person.

In the provision of legal advice and/ or in contemplation of litigation, a significant amount of personal data is considered and processed by legal in considering options and routes available to client services, that can include (dependent on the nature of the case): 

Personal Data

• Name and DOB
• Address
• Financial details
• Physical health/ mental health details (including (in the context of possible adoption) as to addictions, genetic disorders, complex needs and assessments)
• Family circumstances
• Employment details, financial means and family outgoings (e.g. housing cases)
• School and pupil records
• Criminal convictions, allegations of a criminal nature involvement with Police or criminal justice/ MAPPA services
• Details as to the suspension/ removal of parental rights and responsibilities and information through the Court and Children’s Hearing systems
• Complex detail of family histories, family compositions, social work involvement with families over significant periods of time and involvement with services

Can include data belonging to children younger than 12 and adults who have been assessed as lacking capacity. 

We can also have reason to review and consider personal data of adopters/ prospective adopters, foster carers and regularly have sight of Children’s Adoption and Permanence Reports and GIRFEC

“Special Category” Data

• Biometric data
• Genetic Data
• Health (physical or mental)
• Political opinions
• Racial or ethnic origin
• Religious or philosophical beliefs
• Sexual life
• Trade union membership

Data relating to criminal convictions and offences is also processed

Depending on the specific case, personal data may be processed:

• As a result of a contract with the data subject
• To comply with a statutory obligation
• To perform a “public task” in the public interest
• With the consent of the individual

• In most cases, personal data will be provided to our service by an internal client service seeking legal advice or who is looking to raise or defend legal action
• Disclosed by data subjects or their legal agents as part of a court or other process similar process
• Obtained by carrying out standard legal searches (rare for litigation) 
• Disclosed by external government agencies
• Disclosed by partners – e.g. other Local

Authorities/police (for example, directly from health or others under Adult Support and Protection processes)

Typically, the data is collected by another Service within the Council and passed to Legal. Much of the personal data which was passed to us was collected in expectation that it would be used in legal proceedings/ for the provision of legal advice, but it may have been collected in consideration of the wider statutory role (in which legal provides a role).  That said, in contentious proceedings we are taking action normally because there is a statutory duty/ ability to do so and so I wouldn’t expect that this presents any issue.

On some occasions information may come directly from Health or Police for example but this is rare and will normally only be at a stage where action may already be in Court.  However the primary point of contact for any external organisation would normally be direct between the service, and not with legal services.   

In paper format, and in electronic format on the council network.

Data Protection laws require personal data to be kept no longer than is necessary.

Depending on the type of legal advice, different retention rules apply.

• May be shared with legal representatives of the data subjects in discussions/ negotiations
• Will as a matter of course (if Court action initiated) be shared with the Court & Tribunals System – through the lodging of applications (normally at Stirling Sheriff Court) and perhaps also with Sheriff Officers who are instructed to effect service of certain court documents on behalf of the Council
• When certain Court applications are made the Court then orders that the local authority serve copies of papers on relevant people to the action (this may mean for example that a Guardianship application is served on their nearest relative, their care provider and other family members) – those applications will include sensitive personal information and include medical reports – that specific sharing mechanism is provided for under the AWI Act but under other legislative frameworks such as Adult Support and Protection it may also be done
• Shared with government agencies
• Shared with partner agencies (perhaps with Health in discussion as to an ASP matter) or perhaps with the Office of the Public Guardian, Mental Welfare Commission
• External legal firms acting for the Council on a particular matter.

In some cases legal work may be outsourced, meaning that an external legal firm is appointed to deal with the matter, instead of the Council’s own legal services. In such circumstances both legal services and the instructing client service may send personal data to that firm to enable them to advise and represent the Council. A letter of engagement would typically be entered into at the point of the external instruction.  The Council has a ‘framework’ of external firms which it may call upon for that purpose.  Those firms if instructed would be fulfilling the same role as legal services in furthering a statutory function. 

You have the following rights under data protection laws. If you have a request under any of these rights, you can make a subject access request.

Access to your information

You have the right to request a copy of the personal information that we hold about you. This is known as a subject access request and is free of charge.  We must respond within one month, although this can be extended to three months if the information is complex.

Correcting your information

We want to make sure that your personal information is accurate, complete and up to date. Therefore you may ask us to correct any personal information about you that you believe does not meet these standards.

Deleting your information

You have the right to ask us to delete personal information about you where:

• you think that we no longer need to hold the information for the purposes for which it was originally obtained
• we are using that information with your consent and you have withdrawn your consent - see the 'withdrawing consent to using your information' section below.  Please note that in general we do not rely on consent as the legal basis for processing your personal information
• you have a genuine objection to our use of your personal information - see 'objecting to how we may use your information' below
• our use of your personal information is contrary to law or our other legal obligations.

Objecting to how we may use your information

You have the right at any time to tell us to stop using your personal information for direct marketing purposes, profiling or research purposes. 

Restricting how we may use your information 

In some cases, you may ask us to restrict how we use your personal information.  This right might apply, for example, where we are checking the accuracy of personal information that we hold about you or we are assessing the objection you have made to our use of your information. 

This right might also apply if we no longer have a basis for using your personal information - but you don't want us to delete the data.  Where this right is realistically applied will mean that we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.

Withdrawing consent to use your information

Where we use your personal information with your consent, you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.

Your request to transfer your data

If we are processing your personal information with your consent or as part of a contract with you, and it is held in an accessible and machine-readable format, you have a right to ask us to transmit it to another organisation. This is known as the right to data portability.

Our profiling or automated decision-making processes

We make some use of automated decision-making processes but very little use of profiling.  Where these techniques are used, this will be explained in the specific privacy statements relating to those functions, together with a description of the reason involved in any automated decision-making.

If you want to complain about or comment on how we have processed your personal information, you should email dataprotection@stirling.gov.uk

If you are still unhappy with how the council handled your complaint, you can contact the UK Information Commissioner's Office at:

The Information Commissioner,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire SK9 5AF

Phone: 0303 123 1113

You can find further information on the Information Commissioners Office website.