The ICO launched a consultation on a statutory code of practice on the sharing of personal data on 8 October. The consultation will run for 12 weeks, ending on Wednesday 5 January 2011.
The draft code sets out a model of good practice for public, private and third sector organisations, and covers routine data sharing as well as one-off instances where a decision is made to release data to a third party.
The code covers a number of areas including:
• what factors an organisation must take into account when coming to a decision about whether to share personal data;
• the point at which individuals should be told about their data being shared;
• the security and staff training measures that must be put in place;
• the rights of the individual to access their personal data; and
• when it is not acceptable to share personal data.
Information Commissioner, Christopher Graham said:
‘Under the right circumstances and for the right reasons, data sharing across and between organisations can play a crucial role in providing a better, more efficient service to customers in a range of sectors – both public and private. But citizens’ and consumers’ rights under the Data Protection Act must be respected. Organisations that don’t understand what can and cannot be done legally are as likely to disadvantage their clients through excessive caution as they are by carelessness. But when things go wrong this can cause serious harm. We want citizens and consumers to be able to benefit from the responsible sharing of information, confident that their personal data is being handled responsibly and securely. I would encourage all organisations who handle personal data to engage with the issue and offer their comments and suggestions on the draft code …. Only then can we make sure we’ve got a robust and adaptable code of practice that can be applied across the board.’