In February the Government launched a consultation on introducing laws to allow more citizens’ data to be used for ancillary purposes by the public sector. It says:
“Proportionate, secure and well-governed information sharing between public authorities can improve the lives of citizens. It can also support decisions on the economy which allow businesses to flourish, and improve the efficiency and effectiveness of the public sector. The government aims to do more to unlock the power of data.
The consultation runs till 22nd April 2016. It looks at enabling information sharing between public authorities to improve the lives of citizens and support decisions on the economy and society.”
The proposals fall into 3 categories:
Improving public services
- allowing public authorities to share personal data in specific contexts to improve the welfare of a specific person (e.g. automatically providing direct discounts on energy bills of people living in fuel poverty)
- enabling public authorities to access civil registration data (births, deaths and marriages) (e.g. to prevent the sending of letters to people who have died)
Addressing fraud and debt
- helping citizens manage their debt more effectively and reduce the overdue debt that they owe to government (i.e. allowing sharing of information for public sector debt collection)
- helping detect and prevent the losses government currently experiences due to fraudulent activity
Allowing use of data for research and official statistics
- giving the Office for National Statistics access to detailed administrative government data to improve their statistics
- using de-identified data in secure facilities to carry out research for public benefit
Cynics may say that the proposals are really about allaying public sector fears that Government initiatives such as the Troubled Families Programme, require them to share personal data which may well breach the Data Protection Act 1998 (DPA).
A new criminal offence for unlawful disclosure of personal data is proposed to be introduced. Those found guilty of an offence will face imprisonment for a term up to two years, a fine or both. Certainly the prison element will be welcomed by the Information Commissioner who has recently reiterated his call for stronger sentencing powers for people convicted of stealing personal data under the DPA.
It is proposed that the new measures will be supported by a statutory Code of Practice, which will set out if, how and when data can be disclosed under each power. Primary legislation will set out the requirement to consult the Information Commissioner, and where appropriate Ministers in the Devolved Administrations and other relevant experts before issuing or revising these Codes. Compliance with these Codes would be a requirement for any public authority seeking to participate under the proposals; failure to abide by the Codes may result in a public authority being removed from the relevant schedule and losing the ability to disclose or receive data under the power.
The whole law on information sharing needs examining. To echo the words of the Government:
“We need to go further and update the legal regime to provide simple and flexible legal gateways to improve public sector access to information in key areas which impact the whole public sector in a systematic and consistent way so that citizens can have confidence that their data is being used for the right purposes and remains securely held.”
In 2014 the Law Commission reported on the outcome of a consultation on the law around sharing of personal information between public sector organisations. It set out its recommendations, which included a full law reform project to be carried out in order to create a principled and clear legal structure for data sharing, which will meet the needs of society. I have not come across the Government’s response to the recommendations. May be this latest consultation is it!
Of course any new laws will have to be consistent with the new EU General Data Protection Regulation (GDPR), expected to come into force in 2018 and, which will replace the DPA.
These and other Information Sharing developments will be examined in our forthcoming full day workshops and webinars.
Illustration provided by the Office of the Privacy Commissioner of Canada (www.priv.gc.ca)
