Is it legal for Cornwall Council to handover data to a private company?
There have been many people in Cornwall who have received letters from Capita on behalf of Cornwall Council as part of the review into the council tax single person discount (SPD). I have been contacted by not just my own electoral residents, but others too highlighting their concern in receiving these letters.
In their questions, they asked if Cornwall Council has the legal right to share personal information with a third-party like Capita. It is a very good question, so I asked the Deputy CEO of Cornwall Council. I am grateful for his swift reply to my questions.
The response I got was detailed and it looks like many other people have contacted the council asking the same question. To answer the question can a council share information like this? The simple answer is yes, it can. For those who are happy with that answer, you can stop reading. For those who want to know more, then continue readings.
The law allows councils to contract out certain functions. Ascertaining entitlement to discounts is covered in Section 12 of the Local Authorities (Contracting Out of Tax Billing, Collection and Enforcement Functions) Order 1996.
The Council has recently completed an exercise with the Audit Commission to identify those who may be inappropriately claiming a Council Tax SPD. This work has revealed approximately 1000 actual cases where a discount has been inappropriately granted and as a result the Council is in the process of recovering in the region of £440,000. You cannot argue that this is good news?
While 1000 people now correctly paying the correct amount could be called a success, it was somewhat limited as it concentrated on matching only electoral register data against council tax records. Therefore Government recommended that councils need to do more in this area and have suggested the need to engage with credit reference agencies with the view of maximizing the detection of inappropriate claims.
This enhanced service can only be provided by a credit reference agency, either directly or via a third-party provider who partners with one of the credit reference agencies, and therefore an external provider needed to be sought. Hence Capita’s involvement.
Now another worry raised, is can Capita be trusted with this information? Well, Capita Business Services Ltd holds the ISO 27001 accreditation for Information Security Management which has been accredited by BSI. So at least they can be fined a lot of money if they break any data protection rules.
Another question that was asked is why no SAE was included with the letter. I am told Cornwall Council has a standing policy not to provide reply paid envelopes going back to 2009.
So there you have it, a council can outsource this work. You might not like it, or like receiving the letter, but you cannot accuse the council of acting ultra-vires.