The Information Commissioner’s Office (ICO) has launched a consultation on a new statutory code of practice on the sharing of personal data.
The draft code sets out a model of good practice for public, private and third sector organisations, and covers routine data sharing as well as one-off instances where a decision is made to release data to a third party.
Examples of situations where data sharing might occur include a group of retailers exchanging information about former employees who were dismissed for stealing, a school passing information about a child to a social services department, a group of insurance companies pooling data about people making claims, GPs sending a patient’s medical records to a hospital or a retailer passing customer details to a debt collection agency or to a courier service.
The code covers a number of areas including:
- what factors an organisation must take into account when coming to a decision about whether to share personal data;
- the point at which individuals should be told that their data is being shared;
- the security and staff training measures that must be put in place;
- the rights of the individual to access their personal data; and
- when it is not acceptable to share personal data.
The Information Commissioner, Christopher Graham, said, “Organisations that don’t understand what can and cannot be done legally are as likely to disadvantage their clients through excessive caution as they are by carelessness. But when things go wrong this can cause serious harm. We want citizens and consumers to be able to benefit from the responsible sharing of information, confident that their personal data is being handled responsibly and securely.”
The consultation on the code of practice on data sharing can be found at http://www.ico.gov.uk/about_us/consultations/our_consultations.aspx.