9. Data sharing
We are permitted in appropriate circumstances to share data within the organisation and also with external bodies. This is most likely to occur when we are required to disclose personal data by a court order, to comply with other legal requirements including prevention or detection of crime, preventing fraud / gathering of taxation and carrying out our other regulatory functions. For instance, it would be acceptable to share data between services if we had good reasons to believe that fraudulent activity was taking place or if we had reason to believe that a crime had been (or was going to be ) committed.
We will only share personal data internally or externally where we are permitted to do so and individuals will be made aware the circumstances in which this will occur through privacy notices. Any new system access requests from staff or services within the Council will be considered by the DPO.
We will use any relevant codes of practice on data sharing issued by the Information Commissioner to help with implementing these aims. Data matching techniques will only be used for specific lawful purposes and will also comply with any relevant codes of practice.
Where we obtain personal data from a third party rather than directly from an individual, we will, wherever possible, make sure they know that we have done this.
Staff should be aware that publishing personal data on the council’s website means that it is effectively shared world-wide and therefore cannot be protected by UKGDPR. Great care should be taken before publishing any personal data (or data from which individuals could be identified) and advice sought from the AD, DPO or SIRO.