Local authorities should conduct a risk assessment before sharing personal data with other public bodies. Sharing can be legitimate, but only when the benefits and risks have been weighed up, the Information Commissioner has said.
The Information Commissioner's Office (ICO) has produced guidelines for local authorities to follow when they want to share data with other agencies or authorities or even between departments of the same authority.
Authorities should only share personal data once they have identified the risks and benefits and once they have ensured that the data to be shared is accurate, and that it can be protected after the transfer.
“If local authorities intend to share personal information, they must ensure that there is protection for the people the information is about," said Iain Bourne, head of information sharing at the ICO.
The assessment that should be made regarding the risks and benefits of sharing data should not just focus on the individual concerned, according to the guidance.
"Information sharing should be supported by a sound business case, preferably accompanied by a Privacy Impact Assessment," said the guidance. "This should identify the intended benefits and demonstrate that the data protection risks have been identified and addressed. The benefits may arise for society as a whole or for the individuals directly affected.
"The data protection risks are those which involve intrusion into personal privacy or which threaten the integrity of the personal data," it said.
The ICO said that it would allow public authorities some latitude in terms of privacy to ensure that organisations were able to reap the benefits of modern information systems.
"ICO will avoid an overly restrictive application of data protection law where that would lead to organisations failing to make sensible use of the information they hold," it said. "ICO recognises that modern information technology allows the sophisticated analysis and rapid transmission of information. Our approach will not prevent public bodies making the most of the benefits that technology can bring to society and individuals."
Bourne said that the ICO expects authorities to strike a balance between privacy and service delivery. "We expect local authorities to take a sensible approach to information sharing which enables them to fulfil their data protection responsibilities whilst providing high quality public services," said Bourne.