Winchester Vacancies

ICO consults on statutory code for data sharing

The Information Commissioner’s Office is to consult on the UK’s first-ever code of practice on data sharing.

The watchdog has published today a draft statutory code setting out a model of good practice for public, private and third sector organisations. “It covers routine data sharing as well as one-off instances where a decision is made to release data to a third party,” it said.

The ICO explained that the code would apply to activities such as:

  • a local authority disclosing personal data about its employees to an anti-fraud body
  • a school passing information about under-performing children to a social services department
  • the police passing information about the victim of a crime to a counselling charity
  • a GP sending information about a patient to a hospital
  • the police and immigration authorities exchanging information about individuals thought to be involved in serious crime
  • two departments of a local authority exchanging information to promote one of the authority’s services
  • two neighbouring health authorities sharing information about their employees for fraud prevention purposes
  • a school providing information about pupils to a research organisation.

The code of practice covers a number of areas including what factors an organisation must take into account when coming to a decision about whether to share personal data, and the point at which individuals should be told about their data being shared.

It also addresses the security and staff training measures that must be put in place, the rights of the individual to access their personal data and when it is not acceptable to share personal data.

The code will not impose additional legal obligations and is not an authoritative statement of the law. However, it will be capable of being used in evidence in any legal proceedings, not just proceedings under the Data Protection Act.

The Information Commissioner, Christopher Graham said: “Under the right circumstances and for the right reasons, data sharing across and between organisations can play a crucial role in providing a better, more efficient service to customers in a range of sectors – both public and private. But citizens’ and consumers’ rights under the Data Protection Act must be respected.

“Organisations that don’t understand what can and cannot be done legally are as likely to disadvantage their clients through excessive caution as they are by carelessness. But when things go wrong this can cause serious harm. We want citizens and consumers to be able to benefit from the responsible sharing of information, confident that their personal data is being handled responsibly and securely.

Graham called on organisations holding personal data to comment on the draft code of practice, so that the ICO can ensure it is “robust and adaptable” and can be applied across the board.

A copy of the proposed code of practice can be downloaded here. The consultation lasts until 5 January 2011.