The ICO’s data sharing code of practice covers both routine and one-off instances of data sharing. It includes ‘good practice advice’ which aims to help organisations that share personal information – for example when local authorities share information with the health service or when building societies provide information to a credit reference agency. The code gives advice on when and how personal information can be shared as well as how to keep it secure.
The ICO consulted on a draft code last October. A number of changes have been made, including the addition of more public and private sector case studies to explain practically how the Data Protection Act applies to data sharing.
Along with the full code of practice, the ICO has also published a summary checklist that can be used as a quick reference guide to sharing information.
According to the ICO, by following the code, organisations should find they have:
- a better understanding of when, whether, and how personal information should be shared;
- improved trust and a better relationship with the people whose information they want to share;
- reduced risk of the inappropriate or insecure sharing of personal data; and
- minimised risk of breaking the law and consequent enforcement action by the ICO or other regulators.
Information Commissioner, Christopher Graham, said:
“Few would argue that sharing data can play an important role in providing an efficient service to consumers in both the public and private sector. More and more transactions are done online – from shopping and banking to managing tax and health records. People now have an expectation that, where appropriate and necessary, their personal details may be shared. However, this does not mean that companies or public bodies can do this just as they see fit. The public rightly want to remain in control of who is using their information and why, and they need to feel confident that it is being kept safe. The code of practice we’ve issued today offers a best practice approach that can be applied in all sectors. It reflects the constructive comments we received during the consultation period, meaning that we can be confident that it not only makes sense on paper but will also work in the real world too. I’d encourage all businesses and public bodies that share personal data to get to grips with the code without delay so they can be sure they are getting it right.’