Privacy Policy

Privacy of your Information

This privacy policy explains how North Central London Integrated Care Board (NCL ICB) uses any information it collects about you, how you can tell us if you prefer to limit the use of that information and procedures in place to safeguard your privacy. NCL ICB's privacy notice provides a summary of how we use your information.

For the purposes of the Data Protection Act 2018 (DPA 2018) (the “Act”):

The Data Controller is NCL ICB, Laycock PDC, Laycock Street, London N1 1TH.

The Data Protection Officer (DPO) for NCL ICB is Tony Haworth.
t:  07713 081 391

Website privacy

Your privacy is extremely important to us. We only use the information you provide about yourself when using this website to answer your enquiry or to help us to improve our service to you. We do not share this information with any third party except to the extent necessary to answer your enquiry if that enquiry requires the involvement of a third party. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties.

The information we collect

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our website at (our “Website”).
  • This includes information provided when completing our enquiry form or submitting feedback on a consultation.
  • This may include your name, your organisation’s name, your position, email address, business address and contact telephone number.
  • We may also ask you for information when you report a problem with our site.
  • If you contact us, we may keep a record of that correspondence.
  • NCL ICB may ask you to complete surveys for research purposes, although you do not have to respond to them.
  • Details of your visits to our site including, but not limited to, web server statistics, traffic data, location data and details of the web pages and resources that you access.

Site usage

We may collect information about your computer, including where available your IP address, operating system and browser type via the web server log files, for system administration and to analyse aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

These uses are in line with the purposes outlined in our registration with the Information Commissioner’s Office, the reference number is ZB372490.

Your information may be used to help assess the needs of the general population both on a local, regional and national level to help make informed decisions about the provision of future services. Information can also be used to conduct health research and development, monitor NHS Performance in order to allow the NHS to plan for future. As part of its planning, NCL ICB will identify areas to concentrate on concerning the health of residents in north central London.

Information sharing with other NHS agencies and non-NHS organisations

NCL ICB may share your information for health purposes and for your benefit with other organisations such as NHS England, NHS Trusts, and also general practitioners (GPs), etc. IT may also need to share information with our partner organisations.

Information may also need to be shared with other non-NHS organisations, from which you are receiving care, such as the London boroughs, and other providers from which NCL ICB commission services.

Where information sharing is required with third parties, NCL ICB will always have relevant contractual obligations and data sharing agreements in place and will not disclose any health information without your explicit consent unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires it or to carry out a statutory function.

In some exceptional circumstances, NCL ICB does not require your explicit consent to share information. This would be in cases, for example, notification of new births, a public interest issue, when the health and safety of others is at risk, fraud prevention and investigation, protecting children and vulnerable adults from harm or where the law requires it (a formal court order has been served requiring us to do so).

In these cases, permission to share must be given by NCL ICB's Caldicott Guardian, who is the senior person in the ICB with responsibility for ensuring the protection of confidential patient and service user information. NCL ICB is obliged to tell you that it has shared your information unless doing so would put you or others at risk of harm.

The law provides some NHS bodies, particularly the Health and Social Care Information Centre (NHS Digital), with permission to collect and use patient data to help commissioners to design and procure the combination of services that best suit the population that they serve.  The patient data that is supplied is not in a form that will identify you.

As a health care organisation, NCL ICB is required to support the public sector, including police, in their work. This may include the provision of personal information about patients or staff. There are legal constraints to the information that may be shared depending on the circumstances further information is available on this link:  Disclosure of personal information to the police.

Specialist advice on the handling of patient information is provided by the Information Governance team within NCL ICB to ensure all legal requirements are met when handling information.

National fraud initiative

NCL ICB is required by law to protect the public funds it administers. It may share information provided to it with other bodies responsible for auditing, or administering public funds or where undertaking a public function in order to prevent and detect fraud.

The Cabinet Office is responsible for carrying out data matching exercises.  Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information, such as key payroll data and contact details. Computerised data matching allows potentially fraudulent claims and payments to be identified. Where a match is found, it may indicate that there is an inconsistency, which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

NCL ICB participates in the Cabinet Office’s National Fraud Initiative: a data matching exercise to assist in the prevention and detection of fraud. It is required to provide particular sets of data to the Minister for the Cabinet Office for matching for each exercise, as detailed here.

The use of data by the Cabinet Office in a data matching exercise is carried out with statutory authority under Part 6 of the Local Audit and Accountability Act 2014. It does not require the consent of the individuals concerned under the Data Protection Act 2018. Data matching by the Cabinet Office is subject to a Code of Practice.

View further information on the Cabinet Office’s legal powers and the reasons why it matches particular information.

For further information about countering fraud in the NHS is available on the Report NHS fraud page.

How we keep your information confidential

It is everyone's legal right to expect that information held and used about you is safe and secure and is only used for the agreed purpose(s).

Everyone working for the NHS is subject to the Common Law Duty of Confidentiality. The information we hold about you, whether in paper or electronic form, is protected from unauthorised access. Under the NHS Confidentiality Code of Conduct, all our staff are required to protect your information, inform you of how your information will be used and allow you to decide if and how your information can be shared. All NCL ICB staff receive annual training on how to do this. This is monitored by the ICB and can be enforced through disciplinary procedures.

Information provided in confidence will only be used for the purpose(s) advised with consent given by the patient, unless there are other specific circumstances covered by the current UK General Data Protection Regulation (UK GDPR).

NCL ICB takes this responsibility very seriously and has ensured that it has robust and effective processes and procedures in place to achieve this expectation for you and the information held and processed about you.

NCL ICB ensures that information is held in secure locations with restricted access to authorised persons only. It protects any personal information that is held on our systems with encryption so that it cannot be accessed by those who do not have access rights.

How the patient information collected is used

NCL ICB has safeguards in place to prevent its staff from identifying individuals from the data that it receives, using information from services commissioned in north central London or indirectly via the Data Services for Commissioners Regional Offices using national information from various NHS organisations as outlined in the previous section.

Information from your health and social care records will be received into Data Services for Commissioners Regional Offices and any information that might allow others to identify you is removed. This means that no one can know:

  • your name
  • your exact date of birth (this is replaced with just the year of birth)
  • your postcode (this is replaced with a national standard area code that is based on the total population and number of houses in an area)

The information from your health and social care records may also contain more sensitive information about your health and also information such as outcomes of needs assessments but these are mainly coded.


To comply with UK and EU legislation we are required to tell you about the cookies used on this website.

Cookies are only used because we want you to find the information you need as quickly and easily as possible.

A cookie is a small text file that is placed on your computer when you visit a website. Cookies help websites function usefully and can provide information to website owners.

Cookies do not place viruses on your computer and cannot run programs.

The cookies do not provide us with any private or personally identifiable information about you. All data that is gathered is anonymous.

Some of the cookies we use collect information about how visitors use our site.

For example, one of our cookies counts the number of visitors to the site and notes which pages they visited. This anonymous information helps us to compile statistical reports, which can help us to improve the site.

Your web browser gives you the ability to accept or decline cookies. Generally, web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer. However, if you choose to decline cookies, some useful features of this website will not work.

For example, there is the option to view this website as text only, with no graphics. The 'useTextOnly' and 'set String' cookies remember that you have chosen to view this site with no graphics. If you choose to decline cookies you will have to select the text only option every time you view a new page.

Places to go to find out more about cookies

You can find out more about cookies, including how to see what cookies have been set and how to manage and delete them, at these sites:


How we protect your information

All information you provide to us is stored on our secure servers.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. Once we have received your information, we use strict internal procedures and security features to prevent unauthorised access.

There are facilities within this web site which allow you to type in information and send it to NCL ICB. You should be aware that such transmissions are not subject to any encryption and could, in theory, be intercepted and read by someone. Therefore you may wish to avoid including information which you consider to be private. Any information you supply to NHS NCL ICB via this web site will be handled in accordance with our policies and procedures for data protection.

We also keep your information confidential. The internal procedures of NCL ICB cover the storage, access and disclosure of your information.

How we use your information

We use information held about you in the following ways:

  • To provide you with information, services that you request from us
  • To carry out our obligations arising from any contracts entered into between you and us.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us.

Our site may, from time to time, contain links to and from the websites of our clients and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

The Data Protection Act 2018 gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.

Your consent

By submitting your information you consent to the use of that information as set out in this policy. If we change our privacy policy we will post the changes on this page, and may place notices on other pages of the Website, so that you may be aware of the information we collect and how we use it at all times. We will also e-mail you should we make any changes so that you may consent to our use of your information in that way. Continued use of the service will signify that you agree to any such changes.

Contact details

We welcome your views about our website and our privacy policy. If you have any queries or comments, or if any of the information that you have provided to the NHS NCL ICB, please contact us.

ICB oversight and responsibility

The ICB’s Caldicott Guardian and Senior Information Risk Owner (SIRO) have overall responsibility of information risks with the ICB.

The ICB is provided with specialist data protection advice from its Information Governance Compliance Manager and Data Protection Officer to ensure all legal requirements are met when handling information.

The Senior Information Risk Officer for the ICB is Karl Thompson. 

The Caldicott Guardian for the ICB is Dominic Roberts.

The Data Protection Officer for the ICB is Tony Haworth. The DPO’s email address is