Public sector bodies must carry out an analysis of the risks and benefits to individuals and society before sharing personal data between agencies, the UK’s Information Commissioner’s Office (ICO) has said.
The data privacy watchdog has set out a series of factors that public bodies should consider before sharing personal information between departments or with other agencies.
New legislation to increase data sharing powers between government departments and other public agencies has been repeatedly promised by ministers, sparking controversy among opposition parties and privacy campaigners.
So far the ICO has stopped short of opposing the government’s moves, although information commissioner Richard Thomas has warned of the dangers of a “surveillance society.”
In the new guidance on its approach, the ICO says it is essential that public bodies address any risks connected with data sharing and take “reasonable steps” to safeguard personal information.
Public authorities must also consider whether consent is needed before personal information is shared between agencies and ensure transparency about what information is being shared and when, the guidance says. Authorities must also make sure the quality and accuracy of information is good enough to support the intended use.
Iain Bourne, head of information sharing at the ICO, says: “They must ensure that there is protection for the people the information is about.” Public bodies must “take a sensible approach to information sharing which enables them to fulfill their data protection responsibilities whilst providing high quality public services”.
Last week, Thomas told public bodies they should not consider freedom of information requests as a threat.