Data Sharing Review Report
General Principles
Before sharing personal information relevant questions are:
- What information do you wish to share?
- What is your purpose in sharing this information?
- Can you achieve your purpose without sharing the information?
- Are you confident that you are sharing no more and no less information than is necessary?
- Do you have the legal power to share the information?
- Do you have the technical competence to share information safely and securely?
- What safeguards will counter the risks that will necessarily arise as a result of sharing?
- By what means and on what basis did you or will you acquire the information?
Proportionality is critical in any decision ie an objective judgement as to whether the benefits outweigh the risks, using a test of reasonableness or common sense. It involves a considered and high-quality decision based on the circumstances of the case, including the consequence of not sharing. Decisions must flow from the principles of relevance and necessity and the need to avoid an excessive approach.
-
What benefits are sought from the proposed sharing?
-
What harm will be curbed or prevented?
-
How are the purposes articulated?
-
What personal information is relevant?
-
With whom will it be shared?
-
What information is it necessary to share?
-
Can less information be shared or retained for shorter periods?
-
What will be the likely effect on individuals and society?
-
Is sharing personal information necessary for the provision of a service?
-
Is more information shared than the service requires?
-
Is the customer aware of the nature and extent of the sharing?
-
What mechanisms are needed to alert citizens to services they are neither receiving nor seeking, but from which they might benefit?
-
Issues of consent, confidentiality and scope require attention.
Key themes - the most contentious core issues when considering data sharing are:
Proportionality
- highly transparent and exposed to public scrutiny
Consent
- free genuine and informed (-unless meaningless / impracticable when organisations must explain clearly at the outset that data will be used for specified purposes, indicating reasons and specific safeguards.) 'Fresh consent' - 're-consent' - to further and incompatible use of personal information outside the terms of the original consent. NB 'Incompatible with' is not the same as 'different from'. Fresh consent whenever an organisation wishes to reuse personal information for clearly beneficial and not incompatible purposes would be a disproportionately heavy burden, particularly if the data pool is large.
- Implied consent requires considerable transparency.
The NHS should build on efforts to educate patients by making general and widely advertised statements about how people's health information might be used in the future.
Consent clauses should be written in a way that provides for reasonable additional uses of information, while giving patients and others sufficiently specific explanations and safeguards to prevent inappropriate uses or sharing of information about them.
Legal ambiguity
- The Act's necessary breadth and openness are open to misinterpretation and considerable uncertainty exists around the legal framework for sharing personal information.
Guidance
- Organisations should regard the Information Commissioner's Office as the central source of clear, authoritative and widely focused guidance on information sharing and should tailor that guidance as far as possible to their own particular needs.
ICO Framework Code of Practice for sharing personal information here
Privacy Impact Assessment Handbook here
People and training
- All staff handling personal information must be made fully aware of its value, and of the increased risks that arise when it is shared outside the organisation.
CED 24.7.08
