The Information Commissioner published a statutory Code of Practice on Data Sharing on 11 May 2011. When launching the Code, the Commissioner noted that “organisations that don’t understand what can and cannot be done legally are as likely to disadvantage their clients through excessive caution as they are by carelessness”. Accordingly, the Code is aimed at improving understanding and increasing efficiency within the field of data processing. The law has not changed: this is simply a model for good practice.
The Code provides guidance on two particular types of data sharing: ‘routine’ sharing, where the same organisations frequently swap or pool information for a certain purpose, and ‘one off’ instances, which could include sharing of information in an emergency. The kind of practical tips offered by the Code hint at the broad approach that the Commissioner expects data handlers to adopt. For instance, they advise organisations that share data with each other to ensure that information is held in a standardised way and that their respective processing systems are wholly compatible. This is to ensure that data is not corrupted or inadvertently altered; a useful reminder that the Data Protection regime is not just about guarding against unauthorised leaks of information, but also about maintaining the accuracy and usefulness of data within today’s ‘information society’.
The Code also provides case studies which illustrate what organisations can and cannot do when presented with particular problems. Even those already familiar with the letter of the Act may find these useful in finding better ways to comply. The Code of Practice and the accompanying summary checklists can be found at the ICO’s website: www.ico.gov.uk.
The corporate and commercial team at Blackadders is on hand to assist those looking to re-evaluate their data protection procedures in light of the Code.