Home > yourrights > privacy/spent convictions and the rehabilitation of offenders > spent convictions and the rehabilitation of offenders/Retention and disclosure of information about your convictions and other involvement with the police > Retention and disclosure of information about your convictions and other involvement with the police
> Sharing information between public authorities
Sharing of information between public authorities
Public authorities other than the police are empowered, and in some cases required, to share personal information with other public authorities in a variety of situations.
One such power arises under Section 115 of the Crime and Disorder Act 1998, as amended by the Police Reform Act 2002 (CDA). One of the ideas behind this legislation was the creation of Crime and Disorder Reduction Partnerships (CDRPs) . CDRPS consist of a range of different local authorities and other organisations, who meant to work together to assess and formulate strategies for tackling what are considered to be escalating problems of crime, disorder and anti-social behaviour. The establishment of CDRPs reflects the Government’s view that, increasingly, the causes of social problems are diffuse, and solutions can only be found with the involvement of many different agencies. At the time of writing there are over 370 such Partnerships in England and Wales.
Information sharing within partnerships is clearly key to such a scheme. Hence, section 115 gives power to any person to disclose information to police authorities and chief constables, local authorities, probation committees, various health authorities, various fire and emergency authorities, and (since 2005) registered social landlords, or persons acting on their behalf so long as such disclosure is necessary for the purposes of any provision of the CDA. These purposes include a range of measures, such as: local crime audits, anti-social behaviour orders, sex offender orders and local child curfew schemes. In addition, the CDA requires local authorities to exercise their own functions with due regard to the need to do all that it reasonably can to prevent crime and disorder in its area.
The power to share information does not override existing safeguards for disclosure of personal information contained in other legislation or the common law, such as the law of defamation, data protection principles set out in the DPA and duties of confidentiality. For example, if the information is covered by the DPA, information will need to be processed fairly and lawfully, only be disclosed in appropriate circumstances, be accurate and relevant, not be held longer than necessary and be kept securely. See also DATA PROTECTION
Where duties of confidentiality apply, disclosure under the CDA will only be justified if there is an overriding justification for breaching confidentiality. The principle of information sharing only ensures that all persons have the power to disclose material, but does not impose any duty to do so. Decisions as to whether or not material should be disclosed will be subject to the principles discussed above and, in the cases of disclosures by a public authority, directly subject to the right to respect for private life contained in Article 8 of the Convention.
The Home Office and the Information Commissioner together have established the “Information Sharing Network”. This has the objective of bringing greater consistency to information-sharing within CDRPs. In October 2007, the Information Commissioner published a Framework Code of Practice for Sharing of Information. Its purpose was to assist anyone – public bodies, private companies, and individuals alike – to draw up their own policies on how to share information in a structured, appropriate, and lawful manner. However, it has been accepted as a relevant model for CDRP policies too. The Framework Code is intended to give guidance as much to those sharing information externally with other bodies, companies or people, as to those sharing information internally, for example between the various departments (environmental health, social security, housing) of a local authority.
The Information Commissioner’s Framework Code does not override individual protocols which many public authorities have issued in order to guide the way in which they share information. If personal information about you has been, or is intended to be shared between public bodies, you should find out if there is any relevant protocol affecting the way in which such information is to be provided.
In contrast to the power to share information under the Crime and Disorder Act 1998, certain authorities will also be under a duty to share information. An example is to be found in the Children Act 2004, and the accompanying Children Act 2004 Information Database (England) Regulations 2004.
Under this Act, it is intended that a database will be created which will hold information about all children in England and Wales and track their interaction with social workers, the police, the NHS, and other public bodies. The database has not yet been established. But if it is, certain authorities will be required to share information with the operators of the database, and may access the information that others have stored there. The information to be recorded includes details on those with care responsibilities for the child, and whether there is any cause for concern. There is currently no guidance as to how authorities will interpret “cause for concern”. It potentially permits information sharing of of any criminal allegations made against a child’s parents or other family members, whether substantiated by other evidence or not. To date there appears to have been little consideration given to the possibility that different public authorities should have different levels of access to the information stored on the database.
The Children Act 2004 demonstrates a trend in this area away from a presumption in favour of the privacy of personal information, and towards sharing data unless good reason is shown not to do so. Before the Act was passed by Parliament, the provisions relating to the database received heavy criticism from many organisations.
One such power arises under Section 115 of the Crime and Disorder Act 1998, as amended by the Police Reform Act 2002 (CDA). One of the ideas behind this legislation was the creation of Crime and Disorder Reduction Partnerships (CDRPs) . CDRPS consist of a range of different local authorities and other organisations, who meant to work together to assess and formulate strategies for tackling what are considered to be escalating problems of crime, disorder and anti-social behaviour. The establishment of CDRPs reflects the Government’s view that, increasingly, the causes of social problems are diffuse, and solutions can only be found with the involvement of many different agencies. At the time of writing there are over 370 such Partnerships in England and Wales.
Information sharing within partnerships is clearly key to such a scheme. Hence, section 115 gives power to any person to disclose information to police authorities and chief constables, local authorities, probation committees, various health authorities, various fire and emergency authorities, and (since 2005) registered social landlords, or persons acting on their behalf so long as such disclosure is necessary for the purposes of any provision of the CDA. These purposes include a range of measures, such as: local crime audits, anti-social behaviour orders, sex offender orders and local child curfew schemes. In addition, the CDA requires local authorities to exercise their own functions with due regard to the need to do all that it reasonably can to prevent crime and disorder in its area.
The power to share information does not override existing safeguards for disclosure of personal information contained in other legislation or the common law, such as the law of defamation, data protection principles set out in the DPA and duties of confidentiality. For example, if the information is covered by the DPA, information will need to be processed fairly and lawfully, only be disclosed in appropriate circumstances, be accurate and relevant, not be held longer than necessary and be kept securely. See also DATA PROTECTION
Where duties of confidentiality apply, disclosure under the CDA will only be justified if there is an overriding justification for breaching confidentiality. The principle of information sharing only ensures that all persons have the power to disclose material, but does not impose any duty to do so. Decisions as to whether or not material should be disclosed will be subject to the principles discussed above and, in the cases of disclosures by a public authority, directly subject to the right to respect for private life contained in Article 8 of the Convention.
The Home Office and the Information Commissioner together have established the “Information Sharing Network”. This has the objective of bringing greater consistency to information-sharing within CDRPs. In October 2007, the Information Commissioner published a Framework Code of Practice for Sharing of Information. Its purpose was to assist anyone – public bodies, private companies, and individuals alike – to draw up their own policies on how to share information in a structured, appropriate, and lawful manner. However, it has been accepted as a relevant model for CDRP policies too. The Framework Code is intended to give guidance as much to those sharing information externally with other bodies, companies or people, as to those sharing information internally, for example between the various departments (environmental health, social security, housing) of a local authority.
The Information Commissioner’s Framework Code does not override individual protocols which many public authorities have issued in order to guide the way in which they share information. If personal information about you has been, or is intended to be shared between public bodies, you should find out if there is any relevant protocol affecting the way in which such information is to be provided.
In contrast to the power to share information under the Crime and Disorder Act 1998, certain authorities will also be under a duty to share information. An example is to be found in the Children Act 2004, and the accompanying Children Act 2004 Information Database (England) Regulations 2004.
Under this Act, it is intended that a database will be created which will hold information about all children in England and Wales and track their interaction with social workers, the police, the NHS, and other public bodies. The database has not yet been established. But if it is, certain authorities will be required to share information with the operators of the database, and may access the information that others have stored there. The information to be recorded includes details on those with care responsibilities for the child, and whether there is any cause for concern. There is currently no guidance as to how authorities will interpret “cause for concern”. It potentially permits information sharing of of any criminal allegations made against a child’s parents or other family members, whether substantiated by other evidence or not. To date there appears to have been little consideration given to the possibility that different public authorities should have different levels of access to the information stored on the database.
The Children Act 2004 demonstrates a trend in this area away from a presumption in favour of the privacy of personal information, and towards sharing data unless good reason is shown not to do so. Before the Act was passed by Parliament, the provisions relating to the database received heavy criticism from many organisations.
