The Information Commissioner's Office (ICO) has published a new guide that sets out a framework for organisations that need to share people's personal information.
The Framework Code of Practice for Sharing Personal Information explains how public and private sector organisations can set up their own arrangements to ensure that where personal information is shared, good practice is adopted. The ICO will be able to endorse organisations' own codes of practice subject to the right to audit them.
The new guide breaks down compliance into easy steps, helps organisations develop consistent standards, and gives staff the confidence to make well-informed decisions about information sharing.
The ICO said the framework will help organisations decide when and what information to share. It highlights the consequences of sharing and deals with consent.
"The framework outlines factors such as security, accuracy of information and retention periods that organisations need to consider when sharing personal information with another organisation or within their own organisation," it said. Organisations can adopt it all or to use some of it into their own policies and systems.
Anyone who processes personal information must comply with eight principles, namely, that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection