Community Safety Partnership

To comply with the UK General Data Protection Regulation (UK GDPR), where personal data relating to a data subject is collected, Lancashire County Council would like to provide you with the following details.

Contact details of this Lancashire County Council service:

Note that for queries intended for this specific service, do not contact the Data Protection Officer (DPO) mailbox, instead please direct your query to the following point of contact:

Communitysafety@lancashire.gov.uk

Reasons for processing your personal data

We process personal data as part of our Community Safety Partnership activity to help keep people safe and to improve the wellbeing of communities across Lancashire. This includes working with partner organisations to:

  • prevent and reduce crime, anti-social behaviour and serious violence
  • identify and respond to risks to individuals, families and communities
  • protect children and adults who may be vulnerable or at risk of harm
  • support early intervention and prevention activity to stop issues from escalating
  • enable coordinated action between organisations so that services are joined-up, proportionate and effective
  • assess patterns of harm, repeat incidents or emerging risks to inform targeted responses
  • support enforcement, safeguarding and public protection where necessary
  • improve understanding of community safety issues to inform planning, commissioning and resource allocation

Personal data is only used where it is necessary to achieve these purposes and is shared in a controlled and proportionate way between relevant organisations involved in community safety.

Use of artificial intelligence (AI) technologies

We are increasingly utilising AI technologies to process your personal data. This is primarily utilised within Lancashire County Council using Microsoft Copilot Web and Microsoft Copilot 365. Please consult our Artificial Intelligence privacy notice for more details of how we use these specific platforms.

We do not use AI to make automated decisions. There is always a human intervention to review and approve any outputs from the AI tools. Decisions are not made solely by automated means.

Within the Community Safety Partnership, Lancashire County Council may use AI-enabled tools to support the efficient and effective handling of information. These tools are used to assist staff with administrative and analytical tasks rather than to replace professional judgement.

In practice, this may include using AI technologies such as Microsoft Copilot to:

  • summarise case information, reports or meeting notes
  • help draft documents, correspondence and partnership updates
  • identify relevant themes, risks or trends in information already held
  • support research, policy development and service improvement work
  • improve productivity when managing large volumes of information

AI tools are used as a support function only. Personal data entered into these systems is limited to what is necessary, and staff are trained to ensure that information is handled appropriately, securely and in line with data protection requirements.

Outputs generated by AI are always reviewed by a member of staff to ensure accuracy, relevance and appropriateness before being used or shared.

Legal basis for processing personal data

We process personal data in connection with Community Safety Partnership activities under the following lawful bases in Article 6 of the UK GDPR. These are supported by statutory duties and powers placed on Lancashire County Council and its partners:

  • Article 6(1)(c) – Legal obligation
    Processing is necessary to comply with legal obligations placed on the Council and partner organisations. This includes duties under legislation such as:
    • Crime and Disorder Act 1998 (including Section 17 duty to consider crime and disorder in all functions and provisions relating to Community Safety Partnerships)
    • Anti-social Behaviour, Crime and Policing Act 2014
    • Children Act 1989 and 2004 and Care Act 2014 (safeguarding duties)
  • Article 6(1)(e) – Public task
    Processing is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority. This includes partnership working to prevent and reduce crime, disorder, reoffending, substance misuse and serious violence, and to safeguard individuals and communities.

Relevant legislative frameworks include:

  • Police and Justice Act 2006 (strengthening partnership working)
  • Serious Violence Duty under the Police, Crime, Sentencing and Courts Act 2022
  • Local Government Acts which establish the Council’s functions and responsibilities

These lawful bases enable the appropriate sharing and use of personal data between relevant organisations to support coordinated, lawful and proportionate community safety activities.

Legal basis for processing special categories of personal data

In carrying out Community Safety Partnership activities, we may process special category (sensitive) personal data where it is necessary and lawful to do so. This includes information such as health, ethnicity, or other characteristics where relevant to safeguarding, risk assessment or support.

Processing is undertaken in accordance with the following conditions set out in Article 9 of the UK GDPR, together with the associated provisions in Schedule 1 of the Data Protection Act 2018:

  • Article 9(2)(g) – Substantial public interest
    Processing is necessary for reasons of substantial public interest, based on UK law. This includes functions relating to safeguarding individuals, preventing crime and disorder, protecting the public, and supporting those at risk.

Relevant statutory underpinning includes:

    • Crime and Disorder Act 1998
    • Children Act 1989 and 2004
    • Care Act 2014
    • Anti-social Behaviour, Crime and Policing Act 2014
    • Police, Crime, Sentencing and Courts Act 2022 (Serious Violence Duty)
      This condition is supported by appropriate safeguards as required under the Data Protection Act 2018.
  • Article 9(2)(b) – Employment, social security and social protection (where applicable)
    Where relevant, processing is necessary for the purposes of carrying out obligations and exercising specific rights in relation to social protection and safeguarding functions, particularly in relation to children and adults at risk.
    This is underpinned by legislation such as the Children Act 1989 and 2004 and the Care Act 2014.

These conditions enable the lawful and proportionate use and sharing of sensitive personal data between relevant organisations to support coordinated safeguarding, prevention and community safety activity, with appropriate safeguards in place.

Legal basis for processing criminal offence data

In carrying out Community Safety Partnership activities, we may process personal data relating to criminal convictions, offences, alleged offences, or related security measures. This information is handled with additional safeguards and only where it is necessary and lawful to do so.

Processing is carried out in accordance with Article 10 of the UK GDPR and Schedule 1 of the Data Protection Act 2018, which require that such data is processed under the control of official authority or where there is a specific legal basis in UK law.

All processing of criminal offence data is subject to appropriate safeguards, including strict access controls, information sharing agreements, and compliance with the Council’s data protection policies, to ensure it is used in a lawful, proportionate and secure manner.

Information we process about you

As part of Community Safety Partnership activity, we may process a range of personal information where it is necessary to help prevent and reduce crime and disorder, protect the public, and safeguard children and adults at risk.

The information we process may include:

  • Personal details such as your name, date of birth, address, contact information and other identifiers
  • Household and family information, including relationships and living arrangements where relevant to risk or support needs
  • Details of incidents or concerns, including reports of crime, anti-social behaviour, or safeguarding issues
  • Risk and vulnerability information, used to assess potential harm, risk of victimisation, offending, or exploitation
  • Safeguarding information, including involvement with support services or protection arrangements
  • Special category (sensitive) data, such as information about health, ethnicity or other protected characteristics where this is necessary and lawful
  • Criminal offence information, including allegations, investigations or outcomes, where required for prevention, detection or safeguarding purposes
  • Service and intervention records, including information about engagement with partner agencies and outcomes of multi-agency activity

This information may be collected directly from you or shared with us by partner organisations such as the police, local authorities, health services, housing providers and other agencies involved in community safety and safeguarding.

We only process information that is necessary, relevant and proportionate to support coordinated and effective community safety activity.

Recipients of the personal data that we process about you

We may share personal data with relevant organisations involved in Community Safety Partnership activity where it is necessary, lawful and proportionate to do so. Information is shared to support coordinated action to prevent and reduce crime, protect the public, and safeguard vulnerable individuals.

Recipients may include:

  • Law enforcement agencies, such as the police and other organisations involved in crime prevention and investigation
  • Local authorities, including district councils and other departments within Lancashire County Council
  • Health and care services, including NHS organisations and providers involved in safeguarding and support
  • Probation and youth justice services, where relevant to managing risk and reducing reoffending
  • Housing providers, including social landlords and registered housing associations
  • Fire and rescue services and other emergency services
  • Education providers, where relevant to safeguarding children and young people
  • Voluntary, community and third sector organisations, where they are supporting individuals or delivering commissioned services
  • Other statutory partners, as required under community safety and safeguarding legislation

Information is only shared on a need-to-know basis, in line with data protection law, and subject to appropriate safeguards such as information sharing agreements, policies and access controls.

Any transfers to another country

We do not routinely transfer personal data outside of the United Kingdom as part of Community Safety Partnership activities.

In limited circumstances, some information may be processed using secure IT systems or services that involve storage or access outside the UK (for example, cloud-based services used to support business operations). Where this occurs, we ensure that appropriate safeguards are in place to protect your personal data.

These safeguards include ensuring that transfers are made only where there is an adequate level of data protection in place, or by using approved mechanisms such as international data transfer agreements or standard contractual clauses, in line with UK data protection law.

Any such transfers are carefully assessed to ensure that your information remains secure and is only used for lawful and necessary purposes.

Retention periods

Lancashire County Council will only store your information for as long as is legally required or in situations where there is no legal retention period they will follow established best practice.

File type</th Descriptionth> Security Retention period
Case management records Records relating to individuals involved in community safety cases, including incidents, assessments, interventions and outcomes. Stored in secure council systems with role-based access controls, audit logs and restricted sharing. Retained for 6 years after case closure, unless required longer for safeguarding or legal purposes.
Safeguarding records Information relating to children and adults at risk, including referrals, assessments and multi-agency actions. Highly restricted access, secure systems, and additional safeguards due to sensitive nature. Retained in line with safeguarding retention schedules, typically up to 25 years or longer where required.
Anti-social behaviour and crime reports Reports, complaints and supporting evidence relating to anti-social behaviour, crime or disorder. Stored securely with controlled access and limited sharing with relevant partners. Retained for 6 years from last action or case closure.
Partnership information sharing records Records of information shared between partner agencies, including referrals and multi-agency meeting outputs. Protected by information sharing agreements and secure transfer methods. Retained for 6 years from the date of last activity.
Risk assessment and intelligence records Information used to assess risk, identify patterns or support preventative activity. Held in secure analytical systems with restricted access and monitoring. Retained for up to 6 years, or longer where ongoing risk management is required.
Meeting records and minutes Minutes and notes from community safety and multi-agency meetings. Stored in secure document management systems with controlled access. Retained for 6 years from the date of the meeting.
Correspondence Emails, letters and other correspondence relating to community safety activities. Stored in secure corporate systems with appropriate access controls. Retained for up to 6 years depending on relevance to case activity.
Performance and statistical data Aggregated and anonymised or pseudonymised data used for reporting, monitoring and planning. Where possible anonymised; stored securely with limited access. Retained in line with business need; identifiable data removed or anonymised as soon as practicable.
System logs and access records Records of system access and usage for audit and security purposes. Protected within secure IT infrastructure with monitoring and audit controls. Retained for 1–2 years depending on system requirements.

Your rights

You have certain rights under the UK General Data Protection Regulation (UK GDPR), these are those rights:

  • to be informed via Privacy Notices such as this.
  • to withdraw your consent. If we are relying on your consent to process your data, then you can remove this at any point.
  • of access to any personal information the council holds about yourself. To request a copy of this information you must make a subject access request in writing. You are entitled to receive a copy of your personal data within 1 calendar month of our receipt of your subject access request. If your request is complex then we can extend this period by a further two months, if we need to do this, we will contact you. You can request a subject access request, either via a letter or via an email to Information Governance Team, address below.
  • of rectification, we must correct inaccurate or incomplete data within one month.
  • to erasure. You have the right to have your personal data erased and to prevent processing unless we have a legal obligation to process your personal information.
  • to restrict processing. You have the right to suppress processing. We can retain just enough information about you to ensure that the restriction is respected in future.
  • to data portability. We can provide you with your personal data in a structured, commonly used, machine readable form when asked.
  • to object. You can object to your personal data being used for profiling, direct marketing or research purposes.
  • in relation to automated decision making and profiling, to reduce the risk that a potentially damaging decision is taken without human intervention.

If you want to exercise any of these rights, then you can do so by contacting:

Information Governance Team
Lancashire County Council
PO Box 78
County Hall
Preston
PR1 8XJ

Email: dpo@lancashire.gov.uk

To ensure that we can deal with your request as efficiently as possible you will need to include your current name and address, proof of identity (a copy of your driving licence, passport or two different utility bills that display your name and address), as much detail as possible regarding your request so that we can identify any information we may hold about you, this may include your previous name and address, date of birth and what council service you were involved with.

Identity and contact details of the data controller

  • Lancashire County Council, PO Box 78 County Hall, Fishergate, Preston, Lancashire, PR1 8XJ

Contact details of the data protection officer

  • Our Data Protection Officer is Joanne Winston. You can contact her at dpo@lancashire.gov.uk or Lancashire County Council, PO Box 78 County Hall, Fishergate, Preston, Lancashire, PR1 8XJ

Further information

For more information about how we use personal information see Lancashire County Council's full privacy notice.

If you wish to raise a complaint on how we have handled your personal data, you can contact the Information Governance team who will investigate the matter.

Lancashire County Council, PO Box 78 County Hall, Fishergate, Preston, Lancashire, PR1 8XJ or email: dataprotection@lancashire.gov.uk

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).