EURIM, The European Information Society Group, has waded into the debate on public sector data and issued a report on information sharing. Documenting the experiences of data sharing, says the organisation, “allows for an understanding of how these arrangements can be supported and developed and thus embedded in confident future service delivery practice”.
The report, Information Sharing Protocols was produced by EURIM”s Personal Identity and Data Sharing Group, and highlights the following points:
• Information assurance is vital to maintain citizen confidence.
• The reasons for, management of and limitations of, information sharing must be clearly described to citizens.
• Where appropriate, protocols must permit citizens a single point of access to data that is shared about them – information sharing and information access go hand in hand.
• Over time a significant body of legislation regarding information sharing has developed, and case law is often required to demonstrate ‘legality’. As well as the complexity of the legislation this also creates uncertainty within practitioners.
• There is a great deal of guidance on information sharing already in the public domain. Some of this guidance is complicated and not all of it is consistent.
• There are many examples of successful information sharing that can be used as examples to learn from by authorities embarking on new information sharing projects.
• There is more work to do to ensure authorities make consistent and good decisions around information sharing projects.
The report also acknowledges that 'emergency situations' will be a challenge to established information sharing protocols.
EURIM makes the following recommendations:
National government
• Regional Centres of Excellence, through the Ministry of Justice, should incorporate a feasibility study into their programme of work that considers the whole of England or a regional approach to an overarching information sharing protocol model. One regional centre should be asked to take the lead in undertaking this work, working with the Ministry of Justice to ensure that the output will be appropriate to both local and central government. This work should include examining ways to reduce, simplify or in other ways improve the guidance pertaining to information sharing protocols, and build on the Information Commission’s framework code of practice for sharing personal information.
• The Ministry of Justice, in association with relevant departments, agencies and private sector organisations in each sector, should commission further work to map enabling legislation against citizen’s needs so as to inform the above work in each sector.
The Information Commissioner
• The Information Commissioner's Office (ICO) should endorse a common standard on information sharing that draws on those standards developed and in development by the Local e-Government Standards Body (LeGSB) group. This should be done in consultation with the Local Government Association (LGA) and other stakeholders.
• ICO should provide further guidance outlining in practical terms, using common language and terminology that enables organisations to make good quality decisions regarding information sharing. This would not be prescriptive but would stress the importance of using professional judgement in making these decisions.
General recommendations
• EURIM will produce an impact study to evidence the effect existing exemplar protocols have on the efficiency agenda.
• Citizen access to their own information, ability to change their information and knowledge of information sharing initiatives, is vital to the acceptance and smooth operation of information sharing schemes.
• An equally important aspect of security is ongoing training of all staff with permission to access databases containing personally identifiable information. Training should discriminate between legitimate and unacceptable use, and there should be electronic audit trail capability that enables all access to databases to be tracked back to the individual gaining access.
• Meaningful penalties should be enforced for misuse.