Overview of ‘Public Sector Data Sharing – Guidance on the Law’ as published by the Department for Constitutional Affairs Nov ‘03 John Harrison, Edentity.

Slides:

Advertisements

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Advertisements

Public Sector Information & Data Protection: A plea for personal privacy settings for the re-use of PSI Bart van der Sloot Institute for Information Law.

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

NIGB Legal requirements for use of personal data in research OnCore UK / NRES Training workshop Ethical Principles relating to consent for use of samples.

NIGB Information Governance and Confidentiality Clinical Audit and Improvement Conference February 2011 Karen Thomson Information Governance Manager.

NATIONAL INFORMATION GOVERNANCE BOARD

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Archive, Records Management and Museum Services Confidentiality, Personal Data and the Data Protection Act 1998 Alan R Bell Records Manager and Information.

Article 8 and Home Repossession. Article 8 (1) Everyone has the right to respect for his private and family life, his home and his correspondence (2)There.

Code of Federal Regulations Title 42, Chapter 1, Subchapter A Part 2 – CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENTS BRYANT D. MILLER CAC II, MAC,

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

Data Protection and Records Management

Legal and moral aspects English Nineteenth Century Philosopher, John Stuart Mill: ‘As soon as any part of a person’s conduct affects prejudicially the.

Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

National Smartcard Project Work Package 8 – Information Law Report.

1 WHY IS WHISTLEBLOWING IMPORTANT AND ON WHAT PRINCIPLES SHOULD PROTECTIVE LEGISLATION BE BASED? David Lewis, Professor of Employment Law, MiddlesexUniversity,

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection Overview

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

1 OVERVIEW PRESENTATION FREEDOM OF INFORMATION (SCOTLAND) ACT 2002.

Confidentiality, Privilege and the Tax Adviser The Impact of European Law Philip Baker QC Paul Farmer.

Competition law and Article 8 ECHR VMR, 13 March 2008 Jolien Schukking.

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

Health research and the protection of personal information rights in international ethics and human rights law Colin M Harper Promoting Health Research.

Whistle-blowing and the Law – Part I Gavin Millar QC and Dr Andrew Scott.

The Data Protection Act 1998 The Eight Principles.

Access to Public Information in Slovenia Nataša Pirc Musar, LL.B. Commissioner for Access to Public Information The Hague – 24 th -25 th November, 2004.

The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Information sharing: the legal framework Dr Caroline Ball Chair, Norfolk Safeguarding Children Board.

Confidentiality and responsible information handling Legal and ethical considerations Brayne & Carr: Law for Social Workers: 10e Chapter 4.

Data Protection Act AS Module Heathcote Ch. 12.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.

INTERNATIONAL E-DISCOVERY: WHEN CULTURES COLLIDE Alvin F. Lindsay Hogan & Hartson LLP.

WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,

The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;

Data Protection and Records Management. Key Responsibilities - Record Management Keep Information Accurate Disclose only if compatible with purpose for.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,

Human Rights Act, Privacy in the context of auditing Phil Huggins Chief Technologist, IRM PLC

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,

FREEDOM OF INFORMATION Getting to grips with the Act.

Data protection—training materials [Name and details of speaker]

Sharing Information Legally Lindsay Ould London Borough of Lewisham.

Sharing Personal Data ‘What you need to know’ Corporate Information Governance Team Strategic Intelligence.

Uses of brain imaging data: privacy and governance implications Dr. Hester Ward Medical Director, Information Services Division, (ISD) Consultant in Public.

Key Knowledge Confidentiality Year 4 Medical Ethics and Law Thread Course The Ethox Centre, University of Oxford.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

Introduction to Data Protection Plan »Brief Introduction to Data Protection  Example  Principles  P3, 4, 7  Sensitive Data  Conditions for Processing.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

Data Protection: EU & International

Data Protection The Current Regime

General Data Protection Regulation

Data protection issues in regulatory investigations

Getting it right for every child and information sharing

Data Protection Legislation

Data Protection & Human Rights

ESF Monitoring & Evaluation and Data Protection in Spain

Privacy Unit 8.

Legal Basis: CRITERIA FOR MAKING DATA PROCESSING LEGITIMATE

Data protection & FOIA considerations

Presentation transcript:

Overview of ‘Public Sector Data Sharing – Guidance on the Law’ as published by the Department for Constitutional Affairs Nov ‘03 John Harrison, Edentity Ltd, Jan 05

© Listener beware ! Law on data sharing is complex This overview fleshes out Experian’s flow-chart, but –is only a layman’s understanding –is stripped of case law For further information, consult a lawyer, and /or read the original Guidance document, available at:

© Administrative Law Human Rights Act 1998 Common Law Specific obligations Data Protection Act 1998 So you, a public servant, want to share some data ?

© Administrative Law  A public body may not act in excess of its powers (vires)  Powers derive from: Ministerial departments Other public bodies Statute Common Law Royal Prerogative Statute only  Statutory powers extend to acts ‘reasonably incidental’ to those authorised, i.e. data sharing often allowed by implication rather than explicitly

© Human Rights Act 1998 Based on the European Convention on Human Rights, of which: Article 8.1 Everyone has the right to respect for private and family life, his home and his correspondence There shall be no interference by a public authority with the exercise of this right except such as is: –in accordance with law –in the pursuit of a legitimate aim –& is necessary in a democratic society Article 8.2 NB : Intentional tension between these two criteria

© Common Law Common law duty of confidence exists Infringement may be actionable as a civil law tort of ‘breach of confidence’ provided that information: –was not in public domain –was communicated in circumstances giving rise to an obligation of confidence –was used without authorisation (detriment not necessary)  Public interest defence  Overlap with Human Rights Act ‘98 Quote from DCA Guidance “For the purpose the law of confidence, it is clear that different government departments are treated as separate legal persons, which means that information cannot be freely shared between them”

© Specific obligations of confidence Various statutory obligations prohibit the disclosure of certain types of information. These include information: arising from medical treatment (Abortion Act ‘67, Access to Medical Reports Act ‘88) supplied in connection with legal proceedings (various rules of court) arising from implementation of Health & Safety (Health & Safety at Work Etc Act ‘74) supplied to the Inland Revenue (Finance Act ’89, & Taxes Mngmnt Act ’70) supplied to the Child Support Agency (Child Support Act ’91) obtained under powers in the Companies Act ’85 acquired by a public authority pursuant to the Enterprise Act ’02

© Specific obligation to, or discretion to, disclose Some statutes impose an obligation to disclose personal information in specific circumstances. These include: an obligation on local authorities and Crown servants to furnish information required by the Child Support Agency (Child Support Act ’91) NB: The onus here is on the discloser to satisfy himself that the action is proportionate to the aim that is being achieved (c.f. HRA balancing act) Other statutes give discretion to disclose. These include: Crime & Disorder Act ’98, where necessary for the purposes of the Act Anti-Terrorism, Crime & Security Act ’01, for ‘fairly broad purposes connected with criminal investigation and prosecution’.

© Data Protection Act 1998 UK’s implementation of the EC’s Data Protection Directive (95/46/EC) See Experian / Jim Lound’s flowchart Eight principles, of which the first 2 are: i.Personal data shall be processed fairly & lawfully and, in particular, shall not be processed unless: –one of the conditions in Schedule 2 is met; &Schedule 2 –in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. Schedule 3 ii.Personal data shall be obtained only for one or more specified legal & lawful purposes, and shall not be processed in any manner incompatible with that purpose or those purposes.in any manner incompatible Various exemptions to the DPAexemptions

© Schedule 2 places few constraints upon government Schedule 2 Conditions include: Subject has given consent Where ordered by the Secretary of State Necessary: a)for the exercise of any statutory functions b)for the exercise of any functions of the Crown, a Minster of the Crown, or a government department c)for the exercise of any functions of a public nature in the public interests by any person for the legitimate purposes of the data controller, or of a third party to whom data is disclosed, except where unwarranted by reason of prejudice to the rights (etc) of the data subject + contracts, administration of justice, vital interests, compliance with law One of these conditions must be met for processing of non-sensitive data to be fair & lawful

© Similarly, Schedule 3 has little effect on government Schedule 3 Conditions include: Subject has given explicit consent Necessary: a)in the vital interests of the subject, or another, where consent cannot be obtained b)for the exercise of any statutory functions c)for the exercise of any functions of the Crown, a Minster of the Crown, or a government department + employment, medical purposes, justice, legal proceedings, ethnic monitoring, non-profit bodies, info made public, One of these conditions must be met for processing of sensitive data to be fair & lawful

© Nor is the 2nd principle a tight constraint Reminder of the 2 nd DPA Principle : Personal data shall be obtained only for one or more specified legal & lawful purposes, and shall not be processed in any manner incompatible with that purpose or those purposes. Compatible does not mean identical to. Purposes which are quite different from the original purposes can still be compatible with those original purposes Provided that the further processing is not contradictory to the originally specified purpose, or purposes, it will be - in our view - consistent with the second principle. “ “ Quotes from DPA Guidance

© Exemptions to the DPA National Security Crime & taxation Research (anonymised) Information available to the public by statute Disclosures required by law Confidential employment references

© Conclusion If a public sector entity wants to share data for a ‘reasonable’ purpose, it can probably find the legal means to do so.