Staff Guide to Information Sharing



Similar documents
Information Sharing: Pocket guide

Information sharing. Advice for practitioners providing safeguarding services to children, young people, parents and carers

Fair Processing of Personal Data Pupil personal details Fair Processing of Personal Data The Local Authority...

Bexley Safeguarding Children Board. Information Sharing and Secure Document Transfer Guidance

This document has been archived. Information Sharing: Guidance for practitioners and managers

SANDYMOOR SCHOOL GUIDANCE ON ACCESS TO STUDENT RECORDS

1. Introduction Statement of Policy The Eight Principles of Data Protection Scope Roles and Responsibilities.

Data protection compliance checklist

Safeguarding Children Policy (Early Years Child Protection)

Data and Information Sharing Protocol and Agreement for Agencies Working with Children and Young People

MRS Guidelines for Business-to-Business Research. October 2011

3. Frequently asked questions about CAF and Lead Professional 3.1 List of Frequently asked Questions 3.2 Frequently Asked Questions and Answers

PRIVACY AND DATA SECURITY MODULE

Barnet Partnership Information Sharing Protocol

Data Transfer Policy. Data Transfer Policy London Borough of Barnet

Safeguarding Adults. Your Responsibilities. Categories of Abuse. Your Role as Alerter. Information Sharing. The Mental Capacity Act

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

INSOLVENCY CODE OF ETHICS

Accessing Personal Information on Patients and Staff:

Code of Conduct for Pre-registration Trainee Pharmacy Technicians

Merthyr Tydfil County Borough Council. Data Protection Policy

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

Effective from 1 January Code of Ethics for insolvency practitioners.

Data protection. Data sharing code of practice

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Draft guidance for registered pharmacies providing internet and distance sale, supply or service provision

Data Transfer Policy London Borough of Barnet

STATEMENT OF ETHICAL PRACTICE

Information Governance Framework. June 2015

Information Sharing Policy

Code of Ethics for Pharmacists and Pharmacy Technicians

Data Protection Policy

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

Professional Ethics in Liquidation and Insolvency

Guidance Notes for Safeguarding Children and Vulnerable Adults

DATA PROTECTION POLICY

4374 The Mauritius Government Gazette

Information Governance

Data Protection Policy

New Ross Credit Union Web Site Statement

UNIVERSITY OF ST ANDREWS. POLICY November 2005

Personal Data Handling and Sharing Policy

Information Security Adults Services. Practice guidance. Revised Version: 1.2 Effective from: August 2014 Next review date: August 2015

Business Ethics Policy

FlexPlus Current Account Worldwide Emergency Card Assistance

Data Protection Policy

Review of compliance. Brico Limited t/a Bluebird Care (Guildford) Bluebird Care (Guildford) South East. Region:

Data Protection. Policy and Application July 2009

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ACT PUBLIC SERVICE MANAGER AND SUPERVISOR GUIDANCE PEOPLE MANAGEMENT AND MENTAL HEALTH

The Guide to Data Protection. The Guide to Data Protection

Data controllers and data processors: what the difference is and what the governance implications are

Public Health England, an executive agency of the Department of Health ("We") are committed to protecting and respecting your privacy.

Appendix: Norfolk County Council public liability insurance provision for health care procedures

Helix Energy Solutions Group, Inc. Code of Business Conduct and Ethics

The EDGE 2014 User Conference Information Governance Workshop

Appendix 11 - Swiss Data Protection Act

Derbyshire Constabulary GUIDANCE ON THE SAFE USE OF THE INTERNET AND SOCIAL MEDIA BY POLICE OFFICERS AND POLICE STAFF POLICY REFERENCE 09/268

CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH

Data Protection in Ireland

MRS Guidelines for Online Research. January 2012

POLICY FRAMEWORK AND STANDARDS INFORMATION SHARING BETWEEN GOVERNMENT AGENCIES

Principles of dental team working

Proposal of regulation Com /4 Directive 95/46/EC Conclusion

The code: Standards of conduct, performance and ethics for nurses and midwives

Code of Conduct. Property of UKAPA 20/11/2009 1

Corporate ICT & Data Management. Data Protection Policy

Working Protocol. between the Practitioner Health Programme. and. the National Clinical Assessment Service

Robyn Academy. Code of Professional Conduct for Teachers. Dance & Theatre Arts

The Code: Standards of conduct, performance and ethics for nurses and midwives

Data Protection Policy

MRS Regulations for Administering Incentives and Free Prize Draws

The Court of Protection Transparency Pilot

SAFETY AND SUSTAINABILITY POLICY

Subject Access Request, Procedure, Guidance and Information

Council of the European Union Brussels, 15 January 2015 (OR. en) NOTE German delegation Working Party on Information Exchange and Data Protection

How To Ensure Your Office Meets The Privacy And Security Requirements Of The Health Insurance Portability And Accountability Act (Hipaa)

OUR CODE OF ETHICS. June 2013

Data Protection A Guide for Users

ASTH416 Develop practices which promote choice, well-being and protection of all individuals

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Under the Cybersecurity Law, network operators are obligated to consider the following security

Caedmon College Whitby

(4) THAMES VALLEY POLICE of Oxford Road, Kidlington, OX5 2NX ("Police Force"),

Monitoring Employee Communications: Data Protection and Privacy Issues

View the Replay on YouTube. The ICO s take on Information Sharing in the NHS. FairWarning Ready Executive Webinar Series 27 June 2013

AUSTRALIA S NEW PRIVACY LAWS - WHAT LAWYERS NEED TO KNOW ABOUT THEIR OWN PRACTICES

Quick guide to the employment practices code

AlixPartners, LLP. General Data Protection Statement

DATA PROTECTION POLICY

SMS and Texting - A Guide to the Future

Standards of conduct, ethics and performance. July 2012

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

Information Governance. and what it means for you

Information Security Policy. Chapter 12. Asset Management

DATA PROTECTION POLICY

ASPEN AUSTRALIA BRANCH PRIVACY POLICY

SOCIAL MEDIA POLICY FOR VOLUNTEERS TEMPLATE

Code of Conduct. Code of Conduct

Transcription:

Central Bedfordshire Council www.centralbedfordshire.gov.uk Staff Guide to Information Sharing May 2015 Security Classification: Not Protected

Factors to consider before sharing information When deciding whether to enter into an arrangement to share personal data (either as a provider, a recipient or both) you need to identify the objective that it is meant to achieve. You should consider the potential benefits and risks, either to individuals or society, of sharing the data. You should also assess the likely results of not sharing the data. You should ask yourself: What is the sharing meant to achieve? You should have a clear objective, or set of objectives. Being clear about this will allow you to work out what data you need to share and who with. It is good practice to document this. What information needs to be shared? You shouldn t share all the personal data you hold about someone if only certain data items are needed to achieve your objectives. For example, you might need to share somebody s current name and address but not other information you hold about them. Who requires access to the shared personal data? You should employ need to know principles, meaning that other organisations should only have access to your data if they need it, and that only relevant staff within those organisations should have access to the data. This should also address any necessary restrictions on onward sharing of data with third parties. When should it be shared? Again, it is good practice to document this, for example setting out whether the sharing should be an on-going, routine process or whether it should only take place in response to particular events. How should it be shared? This involves addressing the security surrounding the transmission or accessing of the data and establishing common rules for its security. How can we check the sharing is achieving its objectives? You will need to judge whether it is still appropriate and confirm that the safeguards still match the risks.

What risk does the data sharing pose? For example, is any individual likely to be damaged by it? Is any individual likely to object? Might it undermine individuals trust in the organisations that keep records about them? Could the objective be achieved without sharing the data or by anonymising it? It is not appropriate to use personal data to plan service provision, for example, where this could be done with information that does not amount to personal data. The flowchart at the end of this guidance should be able to help you further. Sharing of Personal Data Since Central Bedfordshire Council deals with sensitive and personal information, it must comply with the Data Protection Act which regulates the processing of such data (as defined in sections 1 and 2 of the Act). Processing of personal data must comply with the requirements of all eight data protection principles specified within the Act unless an exemption applies. For processing, which consists of disclosing personal data within the UK, the most relevant data protection principles are the first five shown below: Personal data shall be processed fairly and lawfully Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. Personal data shall be accurate and, where necessary, kept up to date. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Myth buster on data protection The Data Protection Act 1998 is not a barrier to sharing information but provides a framework to ensure that personal information is shared appropriately. Data protection law reinforces common sense rules of information handling. It is there to ensure personal information is managed in a sensible way. It helps us strike a balance between the many benefits of public organisations sharing information, and maintaining and strengthening safeguards and privacy of the individual.

It also helps us balance the need to preserve a trusted relationship between practitioner and client with the need to share information to benefit and improve the Services provided or, in some instances, protect the public. Seven Golden Rules For Information Sharing Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately. Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so. Seek advice from your Manager or the FOI & Privacy Specialist if you are in any doubt, without disclosing the identity of the person where possible. Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest. You will need to base your judgement on the facts of the case. Consider safety and well-being: Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions. Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely. Keep a record of your decision and the reasons for it whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose. What Should an Information Security Agreement Look Like? The Bedfordshire Information Sharing Protocol is an agreement to a set of standards for the sharing of personal information between organisations across Bedfordshire to facilitate the development of information sharing agreements for individual projects that require data and information sharing. You should use this protocol as the basis for your information sharing agreement. It is available on the Information Governance page on the staff intranet. If you are having difficulties, please contact the FOI & Privacy Specialist/Legal Services for assistance.

Flowchart of Key Question for Information Sharing You are asked to or wish to share information Is there a clear and legitimate purpose for sharing information? Does the information enable a person to be identified? Is the information confidential? T SURE SEEK ADVICE Do you have consent? YOU CAN SHARE Is there sufficient public interest to share? DO T SHARE Identify how much information to share Distinguish fact from opinion Ensure that you are giving the right information to the right person Ensure you are sharing the information securely Inform all persons that the information has been shared if they were not aware of it. Record the information sharing decision and your reasons in line with information sharing guidance.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information