TheInformation
Commissioner's Office(ICO) has published a
new guide that sets out a framework for organisations that need to
share people's personal information.
The
Framework Code of Practice for Sharing Personal Information
explains how public and private sector organisations can set up
their own arrangements to ensure that where personal information is
shared, good practice is adopted. The ICO will be able to endorse
organisations' own codes of practice subject to the right to audit
them.
The new guide breaks down compliance into easy steps, helps
organisations develop consistent standards, and gives staff the
confidence to make well-informed decisions about information
sharing.
The ICO said the framework will help organisations decide when
and what information to share. It highlights the consequences of
sharing and deals with consent.
"The framework outlines factors such as security, accuracy of
information and retention periods that organisations need to
consider when sharing personal information with another
organisation or within their own organisation," it said.
Organisations can adopt it all or to use some of it into their own
policies and systems.
Anyone who processes personal information must comply with eight
principles, namely, that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate
protection