Archive for December, 2007

Freedom of Information: Designation of Additional Public Authorities

Tuesday, December 18th, 2007

NOTES TO USERS

It is most helpful if you direct your comments specifically to the consultation’s questions, although we also welcome more general comments.

Introduction

This paper sets out for consultation proposals for increasing (subject to further consultation) the types of public organisations from which the public can access information. The consultation is aimed at:

  • public authorities working with organisations that are not covered by the Freedom of Information Act 2000;
  • those organisations carrying out public functions that are not currently covered; and the general public and others interested in access to public information in England, Wales and Northern Ireland.
  • members of the public

(Did not include standard formalities re stakeholders - which does not include ORG - and observing consultations code of practice criteria)

The proposals

1. The Freedom of Information Act 2000 (the Act) came into force on 1 January 2005. The Act makes provision for the disclosure of information held by public authorities. This contributes to the Government’s aim to strengthen the connection between citizens and the state. The Act aims to enable greater transparency, accountability and engagement, for example by providing more information about how taxpayers’ money is spent or by providing the context for better informed public debate.

2. The Act applies to over 100,000 public authorities. These include central government departments, local authorities, schools, colleges and universities, the health service, the police and a range of other public authorities. Those to which the Act applies are required to have a publication scheme, which sets out what information they routinely make available and how, and to answer requests for information in a timely manner. There are three categories to which the Act applies:

  • persons or organisations listed in Schedule 1 to the Act, either by name or by a description (such as ‘any government department’)
  • companies which are wholly-owned by a public authority
  • persons or organisations ‘designated’ by the Secretary of State as public authorities for the purposes of the Act.

The Act terms these persons or organisations ‘public authorities’. This paper uses the term ‘public authority’ to mean a person or an organisation covered by the Act. In the rest of the paper we discuss the coverage of organisations; however individuals who hold a specific office, for example the Auditor General for Wales, can also be covered in the same way.

3. There are clearly defined criteria for an organisation to be listed in Schedule 1 to the Act. Broadly speaking:

  • the body must be established under the Prerogative, or legislation, or
  • by a Minister, government department, or by the Welsh Ministers; and
  • appointments to the body or office must be made by the Crown, a Minister, a government department or the Welsh Ministers.

Organisations that meet these criteria are periodically brought within the scope of the Act by orders made under section 4. If a company is wholly-owned by a public authority, then it is automatically covered by the Act.

4. No organisation has yet been designated by the Secretary of State for Justice as a public authority for the purposes of the Act (the third category in paragraph 2).

5. The experience of the first years of FOI suggests that the Act is working well and has been successfully implemented across more than 100,000 public authorities. Now is the time to review the coverage of the Act, based on this experience, although the Government recognises that this experience may not directly translate to the private and voluntary sectors.

6. Section 5 of the Act enables the Secretary of State to designate two types of person or organisations as public authorities: those which:

  • appear to the Secretary of State to exercise functions of a public nature, or
  • are providing, under a contract made with a public authority, any service whose provision is a function of that authority.

The Secretary of State makes a designation by making what is called a section 5 order. Section 5 is a residual category: that is, a section 5 order cannot cover any organisation that could be listed in Schedule 1 to the Act by the making of a section 4 order, or is already covered by virtue of being wholly-owned by a public authority.

7. Section 7 of the Act requires that any section 5 order must state the functions or services provided under contract for which an organisation is designated. The Act will not apply to any other information held and therefore will not necessarily cover all the work carried out by an organisation. There will be some organisations all of whose functions could be designated under section 5 because they perform only functions of a public nature. In other cases the application of section 5 will be more limited.

8. It is possible in some situations for a section 5 order to designate a class of organisations rather than listing individual organisations. For example, it might be considered appropriate to designate as a class those contracted to run prisons under Part IV of the Criminal Justice Act 1991, rather than listing each individual contractor. This would help reduce the number of orders needed and ensure greater consistency of coverage.

9. The Secretary of State must consult with each organisation, or with representative organisations, before designation can take place. In addition, Impact Assessments would have to be carried out before designating any private bodies.

10. Once this consultation period is completed, the responses will be analysed and policy proposals formulated. In accordance with the Act, representatives of the relevant organisations will then be consulted further. Depending on the responses to the consultations, the Government would hope that any initial section 5 order could be brought into effect by the end of the next Parliamentary session.

Part 1: The case for reviewing coverage of the Act

11. The Government believes that there are good reasons for reviewing coverage of the Act:

  • some organisations receive large amounts of taxpayers’ money to carry out functions of a public nature but are not currently subject to the Act. In fulfilling those functions it would seem appropriate that they be subject to the same scrutiny as public authorities within the scope of the Act. To include such organisations within the scope of the Act would increase transparency in the distribution and expenditure of public funds;
  • some organisations have contracts to carry out important work that would otherwise be done by the public authority they contract with. For example, prisons run by HM Prison Service are currently covered by the Act but prisons operated by private contractors are not. The prisons provide similar services and apply similar standards regardless of whether they are run directly by the state or privately under contract;
  • access to information about a particular service may vary across the country if in some areas it is provided by a public authority, such as the local authority, and in other areas it is provided under contract by a private company or by a charity or voluntary organisation in receipt of a grant;
  • the coverage of the Act is narrower than that of the Environmental Information Regulations 2004 (EIRs). The EIRs apply to almost all the public authorities that are listed in Schedule 1 to the Act, as well as organisations that are under the control of these public authorities and are responsible for developing, managing, regulating or inspecting the environment on behalf of the public. It may be appropriate for some of the organisations that are covered by the EIRs also to be covered by the Act;
  • some non-public authorities consider that they carry out work of a public nature and would readily accept that they should be included within the scope of the Act.

12. The Government also believes that in considering how and when to extend coverage of the Act, a balance needs to be struck to ensure that the advantages of openness are considered alongside the potential impact on organisations to be covered. It will need to take account of reasons against extending coverage of the Act to at least some of the organisations to which section 5 could potentially apply. In particular:

  • any review needs to take account of FOI costs and the potential effect on the cost of provision of services and the willingness of businesses to contract to deliver services in the future. The requirements of FOI could have particular implications for smaller organisations as they may have less capacity to absorb extra costs. Evidence from organisations already covered shows that complying with the requirements of the Act places additional financial and administrative burdens on the public authorities. While some costs may be offset, for example by charging for the provision of information through publication schemes and through charging for disbursements, this would not cover the majority of the set-up and running costs of FOI;
  • the Government is committed to supporting the voluntary and community sector in its provision of public services and to reducing unnecessary burdens, in particular on small businesses, and so does not wish to regulate unnecessarily.

13. The Government considers it important to balance the potential benefits of increased information access against the impact on the delivery of public services, on businesses and on the voluntary and community sector. Any decisions on section 5 orders will need to be made on a case-by-case basis in the context of the overall policy objectives. The potential impact would be discussed in the required consultation with the suggested organisations or their representatives and analysed in an Impact Assessment.

14. In considering whether to extend the application of the Act to organisations with functions of a public nature or to public service contractors, the Government has considered a number of alternatives to using section 5 orders to increase information access. The options considered for the use of section 5 orders and for alternatives are set out below, with some of the considerations needing to be taken into account.

Option 1: take no action at this time. If no changes were made to the scope of the Act, the statutory right of access to information would continue to be limited to information held by those public authorities currently covered by the Act. There would be no new rights of access to information from other organisations providing public services under contract or which have functions of a public nature. As noted above, some such organisations are significantly involved in delivering public services but are under no general obligation to provide information about these activities. This may be thought anomalous and inconsistent with the objectives underlying freedom of information.

Option 2: self-regulation by relevant organisations. Organisations that meet the conditions of section 5 of the Act would be encouraged to provide information about their public activities on a voluntary basis instead of being required by a section 5 order to make information available in accordance with the Act. One possibility would be to draw up a Code of Practice for private organisations that are providing public services. If such a code could be agreed and generally observed, this might provide the benefits of increased access to information while minimising disruption and regulation of private organisations. The key questions that would need to be addressed are how far and how consistently organisations could be expected to abide by any non-statutory guidance and whether any sanctions could be brought to bear on organisations that failed to do so. Anecdotal evidence suggests that while some such organisations are already choosing to make information available, others are unwilling to do so.

Option 3: build information access obligations into contracts with organisations delivering public services. This would provide for some form of information access in relation to services provided under contract, but would not be an option in relation to organisations exercising functions of a public nature in their own right, rather than under contract. Information could be supplied either directly from the contractor or by requiring the contractor to send information to the public authority that would then be accessible from them under the Act. This is likely to be less burdensome to the contractor than being designated as a public authority. Standard clauses could be produced to include conditions and exemptions similar to those found in the Act. These could be adapted to meet the individual needs of the organisation providing the service. However, there would then be the risk of inconsistency in the level of information access from different contractors. That risk would be exacerbated if it were decided to introduce such obligations only into new
contracts (since reviewing all contracts already held by public authorities would be time consuming and costly). We would need to consider whether such contracts should be enforceable not just by the public authority, but also by members of the public seeking access to information. Another
disadvantage of this option would be that enforcement would take place ultimately through civil claims for breach of contract, rather than the enforcement machinery contained in the Act.

Option 4: introduce a single section 5 order covering a specified set of organisations. This option would increase public access to information from specific organisations that provide public services while leaving others outside the ambit of FOI. It would allow for FOI coverage to be extended only to those organisations in respect of which the government was satisfied that the benefits of information access outweighed any negative impacts. Possible criteria for identifying the most appropriate organisations to be covered by any section 5 orders are discussed in more detail in Parts 2 and 3 of this paper. It would of course be feasible to introduce further section 5 orders in future, but under this Option there would be no specific expectation on the Government to do so in the short term.

Option 5: introduce a series of section 5 orders so as progressively to widen coverage of the Act over time. This option would provide for progressive extension of the coverage of
FOI. Designation of new public authorities could be implemented in waves by means of successive section 5 orders. Organisations could be brought within the ambit of the FOIA in order of priority; this would also allow for evaluation of the benefits of each order before any new order was made.
Rigorous impact assessment would be needed to ensure that the benefits of access to the information held by any organisation or class of organisations outweighed any negative impact, for example on their ability to work effectively.

Q1: Do you support extending the coverage of the FOI Act to organisations that carry out functions of a public nature and to contractors who provide services to a public authority whose provision is a function of that public authority?

Q2: Of the five proposed options, which do you consider the best option? Or would some other option, or combination of options, be preferable? Please explain your reasoning.

Part 2: Organisations to be considered for coverage by the Act because they are exercising functions of a public nature

15. When considering whether an organisation should be included in a section 5 order, we need to consider whether the organisation falls within the definition of section 5, that is to say whether it has functions of a public nature, or is providing under contract with a public authority any service whose provision is a function of the authority. We should then confirm at the outset that the organisation is neither already included in nor capable of being added to Schedule 1 (as explained in paragraphs 3 and 6 of this document), nor wholly owned by a public authority and therefore already covered automatically by the Act. Finally we need to consider whether it is appropriate to cover the organisation under the Act.

2.1 ‘Functions of a public nature’

16. In this part of the consultation paper we consider the first type of organisations to which section 5 relates: those that ‘[appear] to the Secretary of State to exercise functions of a public nature’. Determining conclusively whether or not any given organisation falls within this description can be difficult.

17. There is no single definition of what constitutes a function of a public nature for the purposes of the Act, either in relation to formal legal definitions or commonly accepted terms. Whether an individual organisation may lawfully be included in a section 5 order is something only the courts can determine conclusively, but some of the issues to be taken into account are outlined here in order to give a context for the consideration of appropriateness which follows.

18. What is perceived to be a function of a public nature partly depends on the position and perception of society and is likely to change with time. Certain functions, which may previously not have been seen as a public function, have become clearly public functions in today’s society – for example having a National Health Service. Equally some functions, once perceived as public, may today be seen as predominantly private functions.

19. The question of whether a person or organisation exercises ‘public functions’ or whether a person’s activities are of such a nature that they should be subject to public law constraints, has arisen in a number of different contexts and has been the subject of consideration by the courts. An example is in determining whether a person is a ‘public authority’ for the purposes of the Human Rights Act 1998 because certain of their functions are ‘functions of a public nature’ (section 6 of the Human Rights Act 1998). It is anticipated that the courts would be likely to have regard to broadly similar factors in relation to section 5 of the Act as they would when determining the scope of judicial review and the Human Rights Act 1998.

20. Some factors which may be relevant to determining these questions - many of which have been considered by the courts in the contexts mentioned above - are identified below. The presence of one factor in any given case would not act as a reliable guide that the person in question would satisfy the test, as the question needs to be considered in all the circumstances of the particular case at hand.

2.2 Appropriateness of coverage

21. Considerations that might be suitable to be taken into account under this heading include whether the organisation concerned receives public funding and whether the benefits of public access to the information held appear to outweigh any negative impacts, for example in terms of
additional burdens on resources.

2.2.1 Organisation funding

22. It may be appropriate to extend coverage of the Act only to those organisations that receive funding from the public purse or from fees charged as a consequence of performing a public function. Since only information relating to an organisation’s public functions would be covered by the Act, it would seem logical to specify those functions as the ones in respect of which an organisation to be included in a section 5 order should receive public funding.

23. There are a number of different sources of public funding for organisations, including core funding, funding for infrastructure purposes and funding to deliver specified services. Some functions of a public nature are funded by the charging of a levy. For example, the Pensions Ombudsman, who is already covered by the Act, is funded by a levy on pension providers.

Q3: Should some form of public funding be essential in order for an organisation to be considered for inclusion in a section 5 order, or should this be just one of a number of relevant factors to be considered?

Q4: Are there any organisations or categories of organisations that do not receive public funding but that you believe should be covered by the Act? Please explain why.

2.2.2 Balancing access to information against the cost of FOI

24. There is a need to strike a balance between making information available through the use of section 5, and ensuring that organisations are still able to carry out their essential functions. Some of the factors that it might be appropriate to consider in deciding whether to cover an organisation are listed below.

Q5: Do you agree that the balance between the public interest and the potential burden of FOI is an appropriate consideration when deciding whether to cover an organisation?

Q6: To what extent do you think that the factors listed, or any other factors, should be taken into account in determining whether organisations performing public functions should be brought within the ambit of the Act?

Part 3: Organisations to be considered for coverage by the Act because they provide services under contract with a public authority whose provision is a function of that authority

25. In this part of the consultation paper we consider the second type of organisations: one which ‘is providing under a contract made with a public authority any service whose provision is a function of that authority’. Decisions about whether to designate such an organisation as a public
authority would be made on a case-by-case basis.

26. When considering criteria for the inclusion of such organisations in a section 5 order we need to consider the following questions:

3.1 Services whose provision is a function of a public authority

27. Public authorities enter into many contracts with external organisations. Not all contracts will be to provide a service whose provision is a function of the public authority, however, and it follows that not all organisations contracting with a public authority will be suitable for designation under section 5. The key criterion is whether the provision of that service is a function of that public authority. For example, if a local authority contracted with a private organisation to run some of its children’s homes, these might be considered services whose provision was a function of the authority. On the other hand, a contract to provide stationery or IT equipment for purposes purely internal to the public authority might not be considered as providing a service whose provision is a function of the authority. Thus there is a need to distinguish between services that the authority provides or is expected to provide as part of its functions (e.g. child protection), and those services that it commissions to enable or assist it to carry out its day to day activities (e.g. IT equipment).

28. Some of the factors listed earlier when considering whether an organisation exercises functions of a public nature are helpful in deciding whether a contractor is providing a service whose provision is a function of the public authority.

3.2 Appropriateness of Coverage

29. Even where a service provided under contract is a function of the public authority, it still might not be appropriate to designate the contractor. The benefits of public access to the information must outweigh any negative impact of designating the organisation as a public authority.

30. In general, a significant degree of public accountability already exists where a contractor provides a service on behalf of a public authority. The authority is still accountable for the service and will ensure that the contractor is accountable to it. Information held by the public authority about the service provision, either through the scrutiny process or through other means, will be covered by the Act. Contractors are sometimes required to provide information to the public authority if this is required for their business needs. The Office for Government Commerce has provided model contract clauses that require contractors to provide information and assistance with FOI requests.

31. Further, in some circumstances, information held by a contractor will be held on behalf of the public authority and therefore covered by the Act. It is therefore likely that much of the information relevant to services provided under contract is already accessible and so there will be less benefit in covering a contractor than in covering an organisation that exercises functions of a public nature in its own right.

32. There are also a number of potential disadvantages to covering contractors. Firstly, while most public sector bodies are established to provide a service, contractors are often businesses or voluntary and community sector organisations which choose to provide services. Having to comply with FOI may make these organisations reluctant to bid to provide services. A reduction in the number of organisations bidding to provide a service would not be in the public interest. Secondly, contractors may expect full cost recovery from the public authority. This cost could be greater than the actual cost of FOI as compensation for any perceived risk might be included.

Q7: Do you agree that the coverage of FOI should extend to contractors who provide services under contract with a public authority whose provision is a function of that authority? If you disagree, please give your reasons.

Part 4: The requirement to specify functions or services

33. Sections 7(5) and 7(6) of the Act require that section 5 orders must specify which of the public functions of, or contracted services provided by, an organisation will be covered. Information the organisation holds which does not relate to the specified functions or services will not be covered. Many of the functions or services to be listed will be relatively straightforward, although there are a number of areas related to the running of an organisation where information could be concerned both with the function or service concerned, and with other areas. It will be important that it is agreed in consultation with the organisation how these will be handled. These include:

34. In general terms, it is expected that where these issues relate to the delivery of the service or function, this would be included in the function specified for the purposes of section 5. For example, if an organisation held a board meeting at which financial decisions were taken regarding a service delivered under contract, the relevant information would be subject to FOI, but other information would not. Similarly, information about staffing and management in relation to the service or function would be subject to the Act. The established FOI exemptions would apply as appropriate in these cases.

35. This approach could result in additional burdens for organisations that have only part of their services or functions designated under section 5. For example, they might need to consider how best to ensure that information management systems made available the information covered by FOI. This would need to be discussed and agreed during the consultation period and reflected in the Impact Assessment.

Q8: Do you agree that information relating to an organisation’s administration of a public service or function, for example in the areas listed in paragraph 33, should be subject to FOI? If not, please give your reasons.

Part 5: What happens next?

36. Once this consultation has finished, the Government will analyse the responses and formulate proposals on whether to extend the coverage of the Act at this stage. If the Government is minded to use the power in section 5, a list of organisations to be considered for designation will be drawn up, taking into account the consultation responses received.

Q9: Which organisations, or types of organisations, do you believe should be considered for inclusion in any extension of FOI under s.5 of the Act, and why?

37. Before any section 5 order could be introduced, the Government would need to have consulted with the organisations proposed for designation or their representatives and with the relevant public authorities. Those public authorities and the organisations under consideration might also wish to enter into discussion between themselves. The views expressed would be taken fully into account in the drawing up of any order to be put before Parliament.

38. The Government would need to discuss on a case-by-case basis how much time designated organisations should have to prepare for FOI before any order took effect. Some could be ready for implementation quite quickly, either because their sponsoring public authority could offer support with implementation and the handling of requests or because they had long expected to be designated and had prepared accordingly. Others would need more time.

Posted in Closed, Freedom of Information, Open Government | 23 Comments »

Data Sharing Review: A consultation on the use and sharing of personal information in the public and private sectors

Friday, December 14th, 2007

This consultation ends on 15 February 2008

A paper produced by the Data Sharing Review. This information is also available on the Review’s website.

Introduction

On 25 October the Prime Minister asked Richard Thomas, the Information Commissioner, and Dr Mark Walport, Director of the Wellcome Trust, to carry out an independent review of the use and sharing of personal information in the public and private sectors.

This review will consider whether there should be any changes to the way the Data Protection Act 1998 operates and the options for implementing any such changes. It will include recommendations on the powers and sanctions available to the regulator and courts in the legislation governing data sharing and data protection. It will also make recommendations on how data sharing policy should be developed in a way that ensures proper transparency, scrutiny and accountability.

The recommendations will seek to take account of technological advances and strike a balance that ensures appropriate privacy and other safeguards for individuals and society, whilst enabling the sharing of information to protect the public, increasing transparency, enhancing public service delivery and reducing the burden on business.

This paper sets out a series of questions relating to the use of personal information by the public and private sectors. Not all of these questions will be of relevance to all respondents. However, we would be grateful if you could answer those questions that are most relevant to you.

Personal information is shared and used every day by both public authorities and private organisations. The scope and methods of information sharing varies greatly – ranging from an individual piece of personal information being shared once between two public authorities to the regular and wholesale sharing of personal information between two or more databases. Across this spectrum, the key question that arises – in terms of the public good (such as law enforcement, child protection or improved public services) – is what is the rationale for the sharing of personal information that is being sought. This then leads to such questions as whether the personal information being shared is being used for the purpose for which it was collected and not for incompatible purposes, and whether the amount of information being shared (and access to it) is proportionate. The safeguards needed in such situations need to be sufficient to command public trust and confidence. This consultation paper, therefore, seeks views on the scope of personal information sharing – i.e. what personal information is shared – and on the spectrum of information sharing – i.e. in what way is personal information shared.

We would also be grateful for any additional suggestions or observations you may have – from both the public and private sector – that you believe to be relevant to the review. We would welcome case studies of information-sharing initiatives that have been successful in delivering benefits to individuals and to society. We would also welcome frank appraisals of examples where information sharing has either not been successful or has failed to materialise – for example due to funding problems or the legal framework; due to a lack of political, institutional or cultural will; or because of public objections. We would further welcome case studies where problems were encountered in the sharing of personal information or where the sharing of such information generated unacceptable risks.

The consultation is aimed primarily at experts and practitioners in the field of data sharing and data protection in the public and private sectors; government departments and agencies with an interest in data sharing and privacy; the devolved administrations; the European Commission; the general public; and relevant organisations in the UK.

We would be grateful for responses by Friday, 15 February 2008.

QUESTIONNAIRE

This document assumes a working knowledge of the Data Protection Act and other relevant legislation.

Section 1: Background

Question 1

Please explain what your interest in information sharing is. If you have an active involvement in personal information sharing, we would be grateful for the following information:

  • What kinds of personal information do you collect, hold and share?
  • How do you collect, hold and share such personal information?
  • For what purposes do you collect, hold and share such personal information?

Section 2: Scope of personal information sharing, including benefits, barriers and risks of data sharing and data protection

Question 2

What in your view are the key benefits of sharing personal information to
a) individuals and b) society? Please provide examples.

Question 3

What in your view are the key risks of sharing personal information to a) individuals and b) society? Please provide examples.

Question 4

As mentioned in the introduction, there are wide variations in the scope and methods of personal information sharing. What scope and what methods, in your view, pose the greatest opportunities or risks? Please explain the reasoning behind your response.

Question 5

Please provide examples of where, in your view, the public authorities hold too much data or not enough personal information, and the reasoning behind your response.

Question 6

Please provide examples of where, in your view, private sector organisations hold too much personal information or not enough personal information, and the reasoning behind your response.

Question 7

Please provide examples of cases where you believe the sharing of personal
information between two or more bodies would be beneficial, but where it is not currently taking place.

Please explain as fully as possible why information is not being shared, detailing what the barriers to the sharing of personal information are – e.g. legal, cultural, inancial, institutional – and how these barriers can be overcome.

Question 8

Please provide examples of cases where you believe that personal information is being shared between two or more bodies, but where this should not be taking place.

Please describe the information-sharing concerned and why you believe it should not be talking place, including the risks involved in such information-sharing.

Section 3: The legal framework

The Data Protection Act (DPA) regulates the processing of information, including its obtaining, holding, use and disclosure. The second principle of the DPA is as follows: “Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes.”

Question 9

In your view, how well does the DPA work? Please outline the DPA’s main strengths and weaknesses and any proposals for changes you would like to see made, including suggestions for their implementation.

Question 10

In your view, how well do public authorities and private organisations adhere to the second principle of the DPA? How valuable do you believe the second principle is? Please provide examples and the reasoning behind your response.

Question 11

What technical, institutional or societal barriers stand in the way of the effectiveness of the DPA? Please provide examples.

Question 12

What further powers, safeguards, sanctions or provisions do you believe should be included in the DPA.

Question 13

Are there any other aspects of UK or EU law (such as EU Directive 95/46/EC) that impact positively or negatively on data sharing or data protection? Please provide examples.

Question 14

Are there any statutory powers unavailable that would enable better and more secure sharing of personal information – for example for identity authentication purposes – between a) public authorities and b) public authorities and private organisations? If so, what are they? Please provide examples and any steps you believe could be taken to improve matters.

Question 15

Are there any parts of the legal framework that place an unreasonable burden on business? Please provide examples. Please outline your proposals for streamlining the legislation to ensure that such burdens are minimised.

Section 4: Consent and transparency

Question 16

Is it clear whether and when you need individuals’ consent to share information about them? Are you clear about the form that consent should take? Please provide examples. Please provide details of any initiative you have been involved in that has been based on consent.

Question 17

What, if any, barriers would a requirement for gaining consent create to the sharing of personal information? Please explain your reasoning.

Question 18

Do you have any suggestions on how to make the sharing of information more
transparent? For example, should individuals be given strengthened access rights? And if so, how?

Should organisations be expected to do more to explain their use and sharing of personal information to the public? And if so, how?

Question 19

How can we best ensure that information sharing policy is developed in a way that ensures proper transparency, scrutiny and accountability? For example: In your view, how valuable is the Information Commissioner’s recently published Framework code of practice for sharing personal information. In your view, how valuable are privacy impact assessments along the lines
announced by the Information Commissioner on 11 December?

Section 5: Technology

Question 20

What impact in your view have technological advances had on the sharing and
protection of personal information? Please provide examples.

Question 21

Should the law mandate specific technical safeguards for protecting personal
information? For example, should there be an explicit requirement that all personal information held on portable devices be encrypted to a particular standard?

Question 22

How, in your view, could ‘privacy enhancing techniques’, such as the anonymisation or pseudonymisation of personal information, help safeguard personal privacy, whilst facilitating activities such as performing medical research? Is sufficient advice about the deployment of such techniques available? Are you confident about using them? What are the barriers to using them?

Section 6: International comparisons

Question 23

Are you aware of any jurisdictions whose legal framework for sharing and protecting personal information contains features that could be useful in a UK context? Please provide examples.

Question 24

Do you have any international examples of good practice in the sharing of personal information that could or should be adopted by the UK?

Question 25

Do you have any knowledge of jurisdictions that have adopted a particularly
permissive or restrictive approach to sharing personal information? What have the consequences of this been?

Question 26

Are you aware of significant differences in public attitudes to the sharing of personal information in other countries? Please provide examples and an explanation for why you believe this to be the case.

Section 7: Additional questions

Question 27

Are there any additional issues on the sharing of personal information and protection of personal information that this review should be considering? Do any of these issues apply specifically to your sector?

Question 28

Please set out any additional suggestions or observations you have that you believe will be of assistance to the review.

Posted in Commentable, Consultr, Data Protection, Open, Privacy | 8 Comments »