Understanding the Data Sharing Code of Practice: Insights from the ICO
This presentation highlights the key aspects of the Data Sharing Code of Practice by the Information Commissioner's Office (ICO). It covers essential elements such as the principles of fairness, transparency, and consent, along with governance and security measures necessary for sharing information. Presented by Ken Macdonald at the National Community Safety Convention on September 10, 2013, it emphasizes the regulatory framework provided by the ICO, including the Data Protection Act and the establishment of individual rights. It also discusses how proper protocols protect sensitive information.
Presentation Transcript
Data Sharing – Back to Basics • Ken Macdonald, Assistant Commissioner, Information Commissioner’s Office • National Community Safety Convention, 10 September 2013
Content • The Information Commissioner’s Office • Group Work • The Data Sharing Code of Practice
The Information Commissioner’s Office • The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals • Regulator of: • The Data Protection Act 1998 • The Privacy and Electronic Communication Regs 2003 • The Freedom of Information Act 2000 • The Environmental Information Regs 2004
The Information Commissioner’s Office • Information Commissioner: Christopher Graham • Head Office – Wilmslow, Cheshire • Regional Offices in Edinburgh, Belfast and Cardiff
ICO Data Sharing Code of Practice • Data Sharing and the Law • Deciding to Share • Fairness, transparency & Consent • Governance • Security of shared information • Individual Rights • Notification • Things to avoid • Protocols
Data Sharing and the Law • Check your vires • Express Obligations – legal requirement to share • Express Powers – a stated power to share, but not to the extent of an obligation • Implied Powers – sharing is reasonably incidental to an activity within express obligations/powers • Take legal advice before proceeding
Deciding to Share • Why do you want to share? • What information do you need to share? • Who will you share it with? • When should it be shared? • How should it be shared? • Can the objectives be achieved differently?
Fairness, Transparency & Consent (1) • Privacy notices • Who you are • Why you want to share • Who you are sharing with • Passive v Active Privacy Notices
Fairness, Transparency & Consent (2) • Do NOT seek consent if statutory requirement • Nevertheless, normally good practice to inform of sharing • Consent most likely required where: • confidential information to be shared without clear legal basis • individuals may be expected to object • where there may be a significant and adverse impact on an individual/group
Governance • Data Sharing Agreements / Protocols • Privacy Impact Assessments • Data Standards • Staff Training
Security of Shared Information • Organisational Security • Physical Security • Technical Security
Individual Rights • Rights to Access • Right to Object • Queries and Complaints
Notification • Legal requirement • Keep your notification up-to-date • Prosecutions are frequent
Things to avoid • Failure to inform individuals about sharing • Sharing excessively • Sharing irrelevant information • Sharing inaccurate information • Sharing insecurely
Information Sharing Protocols • Purpose of Sharing • Partner Organisations • Data to be shared • Legal basis for sharing • Meeting individuals’ rights • Governance
Information Commissioner’s Office • 45 Melville Street, Edinburgh EH3 7HL • 0131 244 9001 • scotland@ico.org.uk • www.ico.org.uk