Business Must Assess Privacy Impact and Follow New Guidance Before Sharing Personal Information

The Framework Code of Practice for Sharing Personal Information explains how public and private sector organisations can set up their own arrangements to ensure that where personal information is shared, good practice is adopted. The ICO will be able to endorse organisations’ own Codes of Practice subject to the right to audit arrangements on the ground.

The framework helps organisations decide when to share information, what information to share, highlights the consequences of sharing and deals with the issue of consent. The framework outlines factors, such as security, accuracy of information and retention periods that organisations need to consider when sharing personal information with another organisation or within their own organisation. It is designed to be flexible, enabling organisations to adopt it wholesale or to extract some of its content and integrate this into existing Data Protection Policies and systems.

Richard Fox, Data Protection specialist at Leathes Prior, said: “Sensible information sharing has clear benefits and can be beneficial to both organisations and individuals. Law enforcement bodies must have access to the information they need to counter the increasingly sophisticated methods that fraudsters and other criminals are using. People’s time is valuable and tasks like online banking are now quicker for consumers thanks to relevant information being shared. However, there are also risks to sharing personal information especially as technology makes it easier to store large amounts of sensitive information about people’s private lives. Information must be shared in a secure, lawful and responsible way in order to maintain public trust and confidence.

The Data Protection Act provides organisations with a valuable framework for sharing personal information and should not be seen as a barrier. Organisations should be encouraged to use the framework to develop their own code of practice and/or update their current Data Protection Policy, to support good information sharing while maintaining public trust and respecting personal privacy.”

The new guidance has a number of practical benefits for organisations as it breaks down compliance into easy steps, helps organisations develop consistent standards, and gives staff the confidence to make well informed decisions about information sharing.
The Framework Code of Practice for Sharing Personal Information is available at www.ico.gov.uk.

If your business requires further advice and assistance on incorporating and implementing the tenet of the Code into its current business operations, please contact Richard Fox on 01603 281127. Richard is a general commercial solicitor, practising data protection and e-commerce law.