Legal Update

Data Protection – Data Sharing – Personal Data – Information Commissioner’s Office

A Data Sharing Code of Practice (“the Code”) was launched by the Information Commissioner’s Office (“ICO”) to provide organisations within both the public and private sectors, with guidance on how they may share personal information legally.

Background

This is a statutory code prepared and published by the Information Commissioner under Section 52 of the Data Protection Act 1998 (“DPA”), but is not law – merely the ICO’s advice on good practice. Despite this, the Code can be used as evidence and/or taken into account by the courts in any legal proceedings. It therefore carries much weight and should not be blindly dismissed.

Who is this addressed to?

Data controllers involved in the sharing of personal data. Under the DPA, a ‘data controller’ is a person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.

What is data sharing?

Data sharing is taken to mean the disclosure of data from an organisation to another or to different departments within an organisation.

The Code makes clear that data sharing can take a variety of forms ranging from obvious information sharing to pooling and covers routine and one-off sharing. Organisations should be cautious of the fact that their operations may involve data sharing even where this is not apparent on the face of it.

Why should you take notice?

The ICO has cited several reasons why data controllers should take note of this guidance. Some of the most important are as follows:-

To minimise the risk of breaking the law and avoid enforcement action by the ICO or other regulators; and
To gain a better understanding of when, or whether, it is acceptable to share information without people’s knowledge or consent or in the face of objection.

How can we help?

RT Coopers are specialists in data protection and regularly advise individuals and organisations in this regard. We provide tailored advice clients in a variety of sectors including, but not limited to:-

Education:
- Disclosing children’s details to organisations, e.g. social services, police.
Local Authority
- Data exchange between departments of local authority.
- Disclosing employee information to organisations, e.g. police, anti-fraud.
Healthcare, Pharmaceuticals and Herbal Medicines
- Sending patients’ details to doctor’s surgeries and local hospitals.
- Sharing employee information between health authorities.
Financial Institutions.
If you are a company dealing with any of these sectors or any other sectors where you might be sharing data.

We also provide specific advice to organisations on the following:-

Whether an organisation’s operations involve data sharing at all by way of legal opinion/due diligence;

§ Data sharing operations/strategy;

§ Data sharing agreements;

Ancillary legal considerations which should be taken into account when sharing data (aside from data protection):
- Confidentiality
- Copyright

Visit http://www.rtcoopers.com/practice_dataprotection.php

© RT COOPERS, 2011. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances