Follow the data protection code
Monday, May 12, 2008
As data protection is now a subject that everyone is forced to consider, Stephen McCartney promotes the Information Commissioner's Office's data sharing code of practice.
All too often, the Data Protection Act is wrongly blamed for preventing information sharing, for example where this is necessary to detect crime, protect children at risk or prevent fraud. However, as more and more information is passed from one database to another, it is important to get the basics right. If information is inaccurate or out of date, or it is not kept securely, trust and confidence will be lost. It is also important that there is clarity of purpose – not just sharing because technology allows it. And people must be told how their information is being shared and given choices wherever possible.
In October 2007, the Information Commissioner's Office (ICO) published its Framework Code of Practice for Sharing Personal Information. The Framework Code sets out a clear framework for organisations that need to share people's personal information. It explains in plain English how public and private sector organisations can set up their own arrangements to make sure that where personal information is shared, good practice is adopted. As the name suggests, it is a framework which organisations can use for developing their own in-house policies and procedures.
The Framework Code helps organisations decide when to share information and what information it is necessary to share; it highlights the consequences of sharing personal information and deals with the issue of consent. It outlines factors, such as security, accuracy of information and retention periods, that organisations need to consider when sharing personal information, either within their own organisation or with another organisation. It is designed to be flexible, enabling organisations to adopt it wholesale or to extract some of its content and integrate this into existing policies and systems.
The ICO believes that sensible information sharing has clear benefits and can be beneficial to both organisations and individuals. Law enforcement bodies must have access to the information they need to counter the increasingly sophisticated methods that fraudsters and other criminals are using. People's time is valuable and tasks like renewing car tax online are now quicker for consumers thanks to relevant information being shared. However, there are also potential risks involved in sharing personal information, especially as technology makes it easier to store large amounts of sensitive information about people's private lives. Information must be shared in a secure, lawful and responsible way to maintain public trust and confidence.
The new guidance has a number of practical benefits for organisations. We hope it will break down compliance with data protection law into easy steps, help organisations develop consistent standards, and give staff the confidence to make well informed decisions about information sharing. The ICO will be able to endorse organisations' own codes of practice if they agree to be audited by the ICO.
A series of high-profile data losses has turned effective data protection compliance into an important governance issue across the public sector. The Data Protection Act 1998 provides organisations with a valuable framework for sharing personal information and should not be seen as a barrier to legitimate, well-thought-out information sharing. The ICO is encouraging organisations to use the Framework Code to develop their own code of practice to support sensible information sharing while maintaining public trust and respecting personal privacy.
The ICO has also produced other tools to assist organisations in complying with the law and establishing good practice when sharing personal information. The ICO Privacy Impact Assessment Handbook has been developed to help organisations assess privacy risks of using and sharing personal information and identify solutions at the design stage of a particular project. The Data Protection Audit Manual helps organisations to audit how a particular use or disclosure of personal information has worked in practice and identify where it can be improved in the future. These tools, along with the broad range of guidance available on the ICO website, help organisations to chart a route through compliance with data protection law and establish good practice when it comes to protecting the privacy of the citizen.
The Framework Code of Practice for Sharing Personal Information, along with all other guidance produced by the ICO, is available at www.ico.gov.uk
Stephen McCartney is the head of data protection promotion at the Information Commissioner's Office