ICO lays down data sharing Code of Practice

The Information Commissioner's Office (ICO) has released a new statutory code of practice intended to govern the means by which individuals' personal information is shared by commercial organisations and public sector bodies.

As independent body established to uphold information rights in the public interest, the ICO has aimed to stamp its authority on what it has denoted as both routine' and one-off' instances of data sharing.

The ICO's latest documentation is intended to act as a reference point for instances such as a local authority sharing information with the health service, or when a building society provides information to a credit reference agency.

The documentation itself is composed of best practice standards as well as public and private sector case studies designed to explain practically how the Data Protection Act applies to data sharing.

"Few would argue that sharing data can play an important role in providing an efficient service to consumers in both the public and private sector. More and more transactions are done online - from shopping and banking to managing tax and health records," said information commissioner, Christopher Graham.

"People now have an expectation that, where appropriate and necessary, their personal details may be shared. However, this does not mean that companies or public bodies can do this just as they see fit. The public rightly want to remain in control of who is using their information and why, and they need to feel confident that it is being kept safe." The cross-industry code of practice aims to cover the when, whether and how of personal information should be shared. It also aims to reduce the risk of the inappropriate or insecure sharing of personal data.

The ICO says that companies and public bodies adhering to its code should minimise their risk of breaking the law and consequent enforcement action by the ICO or other regulators.