Title: Information Sharing to improve better outcomes for children and young people: a perspective from the
1 Information Sharing to improve better outcomes for children and young people: a perspective from the Information Commissioner's Office
- Thursday 27 April 2006
- Louisa Stillwell
- Senior Guidance Promotion Manager
- Information Commissioner's Office
2 Outline for today
- Who we are
- What we do
- Data Protection Act 1998
- Data Protection Principles
- Information Sharing
- Current projects: the ICO view
- Information Sharing good practice
- Information Sharing - risks
3 Who we are
- The Information Commissioner is an independent
authority appointed by the Queen to oversee the
Data Protection Act 1998 and the Freedom of
Information Act 2000.
4 What we do
- Promote good practice
- Provide information
- Issue codes of practice
- Report on functions
- Maintain register of data controllers
- Consider requests for assessments under DPA
decisions under FOIA and EIR
5 Data Protection Act 1998
- Background: ECHR, 84 Act, Dir 95/46/EC, 98 Act
- Gives rights to individuals regarding information processed about them
- Places obligations on data controllers processing personal information
- Notification to ICO of processing
6 Data Protection Principles
- Data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept longer than necessary
- Processed in accordance with the individual's rights
- Secure
- Not transferred to countries outside of EEA unless they provide adequate protection
7 Information Sharing: fairly and lawfully
- Fairness
- Awareness
- Expectation
- Lawfulness
- Conditions for processing
- Other relevant laws
8 Information Sharing: fairly and lawfully
- Conditions for processing
- Personal data: Schedule 2 condition
- Sensitive personal data: Schedule 3 condition
- Most relevant?
- Schedule 2
- Consent
- Vital interests
- Functions conferred under enactment
- Functions of Minister of Crown or government department
- Schedule 3
- Explicit consent
- Vital interests
- Functions conferred under enactment
- Functions of Minister of Crown or government department
- Medical purposes
9 Information Sharing: fairly and lawfully
- Lawfully continued.
- Complying with other relevant legislation
- E.g. Common Law Duty of Confidence
- Human Rights Act 1998
- Not acting ultra vires for a public authority
- Article 8 HRA98
- Right to private and family life
- Can be interfered with under certain conditions
10 Information Sharing - other considerations
- Specified purposes
- Disclosures must be in line with those purposes except where an exemption applies
- Adequate, relevant but not excessive
- Consider what needs to be shared to fulfil purpose and only share that information
- Security
- How will it be shared?
- Who with?
- Can further use of that information be checked?
11 Current Projects: ICO view
- Transformational Government
- integral to transforming services
- ...but privacy rights and public trust must be maintained
- Cabinet Office Report: Transformational Government
- Incorporate privacy from an early stage
- Use technology not only to improve services but to improve privacy
- Keep ICO involved
12 Current Projects: ICO view
- Child Index
- Argued repeatedly that plans went beyond what was required by Laming recommendations
- ICO preferred Index about those at risk
- Easier to maintain in accordance with DPA
- Keeps focus on those with real problems
- Technically more viable
- However, decision taken and ICO have been advising on detail of how it will work, e.g. retention of information, access, etc.
13 Current Projects: ICO view
- Connecting for Health
- Close contact between ICO and CfH officials as plans have progressed
- Advice given on security and access
- HealthSpace
14 Current Projects: ICO view
- Barring and vetting scheme
- Consultation response
- Would have preferred a scheme to register those able to work with children and vulnerable adults
- A degree of intrusion into privacy justified but must be proportionate under ECHR Art 8
- Continuation of enhanced disclosures
- Excessive information?
15 Information Sharing: Good Practice
- Better use of personal information: opportunities and risks (Council for Science and Technology, Nov 05)
- Extensive public engagement
- Regulatory and governance frameworks to minimise risks
- Research into privacy enhancing technologies
- Federated databases rather than single
16 Information Sharing: Good Practice
- Better use of personal information: opportunities and risks (Council for Science and Technology, Nov 05)
- Government must strike the right balance between promoting greater access to personal data and protecting the individual... adopting the concept of citizens owning their own data and exercising control over how and when it is used
17 Information Sharing: Risks of getting it wrong
- Surveillance Society risks
- Unacceptable volumes and detail of personal information, especially with major databases
- Inaccuracy, loss of accountability
- Lack of security (Blagging problems)
- Identity theft
- Building bigger haystacks
- Loss of public trust
18 Section 55 of DPA
- Adequate security and access are vital
- Information blagging is common
- Centralised information databases can add to this
- Protecting privacy is important to individuals
- ICO are calling for increased powers under Section 55 of the DPA
- Unlawful obtaining or disclosure of personal data
- Important safeguard to protect individuals who have no choice but to provide their personal information
19 General ICO Concerns
- Increasing pace of central databases
- National Identity Register
- Children Act databases
- National Care Record System
- Increased pressure for information sharing
- Cabinet Office (Report and Misc 31), CST, Academy of Medical Sciences
- Privacy friendly options are preferable
- Anonymisation/pseudonymisation
- Federated identity management etc
20 What concerns individuals?
- ICO research results 2005
- Protecting personal information third most important social concern, after preventing crime and improving standards in education
- Increased perceptions of information mismanagement and loss of control over personal data
21 What concerns individuals?
- Confidence in different types of organisation (public sector)
- NHS 64
- Police 54
- Government depts 42
- Local government 36
- DWP 31
- IR 28
- Schools 16
22 What concerns individuals?
- Confidence in different types of organisation (private sector)
- Insurance companies 47
- Financial orgs 46
- Mail order cos 42
- CRAs 24
- Charities 22
- Telecomms 20
- Shops 20
- Internet sites 16
23 Conclusion
- Where sharing information is justified, necessary and proportionate, e.g. to protect those at risk, DPA is not a barrier
- Provides sound framework for sharing in a secure, lawful and reasonable way
- We look at the overall picture: wide range of info sharing projects in place/underway and individuals are concerned about privacy. Privacy considerations must be built in
- Where possible, use privacy enhancing techniques
- Get input from the ICO!
24 Contact us
- Information Commissioner's Office
- Wycliffe House
- Water Lane
- Wilmslow
- SK9 5AF
- Switchboard 01625 545700
- Helpline 01625 545745
- e-mail mail_at_ico.gsi.gov.uk
- www.ico.gov.uk