The Data Protection Act 1998 states that individuals’ personal and sensitive
information must be kept safe and secure and that we must not share personal
information without individuals’ consent. Therefore, we must obtain
individuals’ consent prior to sharing their personal information. Internal
policies and procedures put restrictions on who we can share with and what
information we can share, and these can refer to the legislation’s wording
‘need to know’ and ‘right to know’.

In any emergency situation where an individual’s life is at risk, we can share
personal information with the appropriate authority that needs to know such
information to save the individual’s life. An organisation has express powers
and obligations to share information only with named organisations for certain
purposes. You can share an individual’s personal information with carers and
other professionals such as GPs, hospitals, physiotherapists, nurses, mental
health nurses and social services, only to improve the individual’s health and
wellbeing. The personal data can be shared only with other agreed
professionals in order to improve the individual’s health and wellbeing. Data
can also be shared with the appropriate authority to prevent crime and identify
criminals, and we do not need to obtain consent for that.

In order to share an individual’s personal data we must follow the
organisation’s policies and procedures on how to share such information. A few
standards are described below:
· Make sure the person seeking information has a right to know
· Determine the purpose (it must be beneficial to the individual)
· Make sure the person seeking information is genuine and is the right person
· Ask the person to make a written request
· Use an encrypted mail server to exchange personal data
· In the event of any doubt, you must contact the organisation's information security officer