Webtrends Tracking Code
 
UK Home >  OUT-LAW News >  News Archive >  2007 >  May 2007 >  Authorities should analyse risk before sharing data, says privacy chief

Authorities should analyse risk before sharing data, says privacy chief

OUT-LAW News, 25/05/2007

Local authorities should conduct a risk assessment before sharing personal data with other public bodies. Sharing can be legitimate, but only when the benefits and risks have been weighed up, the Information Commissioner has said.

The Information Commissioner's Office (ICO) has produced guidelines for local authorities to follow when they want to share data with other agencies or authorities or even between departments of the same authority.

Authorities should only share personal data once they have identified the risks and benefits and once they have ensured that the data to be shared is accurate, and that it can be protected after the transfer.

“If local authorities intend to share personal information, they must ensure that there is protection for the people the information is about," said Iain Bourne, head of information sharing at the ICO.

The assessment that should be made regarding the risks and benefits of sharing data should not just focus on the individual concerned, according to the guidance.

"Information sharing should be supported by a sound business case, preferably accompanied by a Privacy Impact Assessment," said the guidance. "This should identify the intended benefits and demonstrate that the data protection risks have been identified and addressed. The benefits may arise for society as a whole or for the individuals directly affected.

"The data protection risks are those which involve intrusion into personal privacy or which threaten the integrity of the personal data," it said.

The ICO said that it would allow public authorities some latitude in terms of privacy to ensure that organisations were able to reap the benefits of modern information systems.

"ICO will avoid an overly restrictive application of data protection law where that would lead to organisations failing to make sensible use of the information they hold," it said. "ICO recognises that modern information technology allows the sophisticated analysis and rapid transmission of information. Our approach will not prevent public bodies making the most of the benefits that technology can bring to society and individuals."

Bourne said that the ICO expects authorities to strike a balance between privacy and service delivery. "We expect local authorities to take a sensible approach to information sharing which enables them to fulfil their data protection responsibilities whilst providing high quality public services," said Bourne.

 

OUT-LAW Recommends

Data Protection training
We offer training courses on Data Protection and Freedom of Information laws

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.