Out-Law News 2 min. read
16 Sep 2013, 3:51 pm
The body, which advises the Government on law reforms, said that it was unsure whether changes to the law would be needed in order to better facilitate data sharing within the public sector and that it was carrying out a "scoping exercise" to find out more about the perceived obstacles that exist.
"The problems with data sharing between public bodies may originate from a number of causes other than a deficit in substantive law, such as: a lack of guidance or education; insufficient technology; cultural blocks; inadequate organisation; or excessive sanctions," the Law Commission said. "The objective of this [scoping] exercise is not to propose any reform to the current legal framework but to investigate the root causes of the reported obstacles to data sharing between public bodies. Once these causes are identified, we will decide whether a full law reform project is needed, and will make recommendations accordingly."
One of the barriers that restricts the extent to which data held by public bodies can be shared is the application of data protection rules.
The Law Commission has asked for respondents' views on whether data protection rules appropriately balance "the ability of public bodies to share data and the need to protect privacy or other rights of data subjects".
In addition, consultation respondents have been asked for their views on whether reputational damage, the possibility of formal sanctions or other "adverse consequences" in disclosing personal data without authorisation negatively impacts on data sharing.
The Law Commission is also keen to better understand whether fears about the security of systems through which data is shared is a factor in public bodies' reluctance to share data. It also wants to find out to what extent contractual, employment and intellectual property rights impact on the ability of public bodies to share the data they hold.
"Why should public bodies share data at all? A number of clear public benefits are claimed for data sharing, from controlling fraud and error in the state’s financial relations with the citizen to improving the quality of policy making and service delivery," the Law Commission said. "We are also clear that there would only be a problem if it is legitimate data sharing that is being prevented. There are legal aspects to this but it also raises matters of principle. Sharing cannot be legitimate if it is unlawful. The laws of data protection and confidentiality place limits on lawful sharing."
"There are also questions as to whether public bodies should have the legal power to share data even where the sharing is not prevented by these prohibitions. There are important ethical limits on what the state should know about individuals at all; and further, on how information should be disseminated between different institutions within the state," it added.
In 2011 the UK's data protection watchdog, the Information Commissioner's Office (ICO), issued guidance to organisations on sharing personal data. The ICO suggested questions an organisation might ask itself when conducting a risk assessment ahead of potentially sharing personal information.
"Is any individual likely to be damaged by it? Is any individual likely to object? Might it undermine individuals’ trust in the organisations that keep records about them? Could the objective be achieved without sharing the data or by anonymising it? It is not appropriate to use personal data to plan service provision, for example, where this could be done with information that does not amount to personal data," the ICO said in its guidance.