Book contents
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
- Frontmatter
- Contents
- Acknowledgements
- Table of statutes and case law
- Abbreviations
- 1 Introduction
- 2 Data Protection Act 1998
- 3 Definitions of personal data
- 4 The scope of the Data Protection Act
- 5 The data protection principles
- 6 Access to personal data
- 7 Data sharing
- 8 The Freedom of Information Act 2000 and Environmental Information Regulations 2004, SI 2004/3391
- 9 Scope of the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- 10 Application of exemptions and exceptions
- 11 The public interest test
- 12 Publication schemes
- 13 Compliance, the Information Commissioner and the Information Tribunal
- 14 Disclosure logs
- 15 Records management – Section 46 code of practice
- 16 Other legislation
- 17 Interaction of the legislation
- 18 Summary
- Appendix 1 Data protection principles
- Appendix 2 Flow chart of FOI
- Appendix 3 Exemptions and exceptions under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004
- Appendix 4 Bibliography and useful web addresses
- Appendix 5 Published standards for records management
- Index
Summary
Introduction
When the Data Protection Act first came out it was seen by many as a barrier to data sharing. In fact even now there are many cases when we hear ‘We can't tell you that because of data protection’. The non disclosure provisions of the Act were seen as restricting access and no account was taken of the many exemptions to these provisions, some of which were considered earlier in Chapter 6.
This chapter will examine how the Act protects personal data but does, in almost every case, allow sharing of data with third parties for legitimate purposes.
The guidelines
A few specific questions should be asked before sharing can take place. Provided that the answers are affirmative, then sharing is no problem.
The first question is: ‘Has the data subject given consent?’ This is particularly important if the data is sensitive and falls under a Schedule 3 condition (see Chapter 3.7). As was mentioned earlier, it is essential that specific consent is given by the data subject, stating that the subject agrees to the data being shared with a third party for another purpose.
If the data does not come under Schedule 3, i.e. it is non sensitive personal data, then consent is desirable but not essential, although it is important to inform the subject about the sharing. There is a requirement to issue a fair processing statement telling the subject how the data will be used and with whom it will be shared. This does not have to be too specific:
‘Your information will be shared with other areas of this authority for the purpose of providing other services to which you have already agreed and as required by law.’
This statement should also be included in the notification to the Information Commissioner that personal data is being processed (see Chapter 4.8). The individual has to be made aware of the purpose of the data sharing and with whom the data is being shared, although again a general approach is acceptable, such as ‘shared with voluntary sector’ rather than ‘XYZ Charity’, which is very specific. Remember that in most cases an individual can withdraw consent to data sharing, so systems must be in place to ensure that this can be handled promptly.
- Type
- Chapter
- Information
- Information Rights in PracticeThe non-legal professional's guide, pp. 67 - 74Publisher: FacetPrint publication year: 2008