Weather disruption
Winter weather is causing disruption to services in some parts of the county. Find out what services may be affected in your area.
Under appropriate circumstances and for valid reasons, data sharing across and between organisations can significantly enhance service coordination and efficiency for customers. While recognising the importance of information sharing, we must also safeguard data subjects’ rights through clear frameworks.
This document outlines how Dorset Council shares personal data lawfully, transparently, securely, and efficiently within the council and with partner organisations.
All staff and elected members must comply with this policy. Breaches may result in disciplinary action.
This policy is linked to the Data Protection Policy; the Data Privacy Impact Assessment Policy; the Information Governance Policy and the Records Management Policy.
To ensure fairness and transparency, privacy notices are published on the council’s website.
These notices explain how personal data is processed by the council and provide information about who we share personal data with and why.
The council will on occasion share data sets or types of data routinely for established purposes.
Written Information Sharing Agreements (ISA’s) between the council and the other organisation(s) govern such routine sharing. ISA’s ensure that personal data remains adequately protected with proper security.
Copies of ISA’s are stored in the Information Asset Register. They should be signed by the relevant Information Asset Owner, as defined within the council’s Information Governance Policy.
The Data Protection Officer shall be notified of any changes made to or terminations of any ISA.
Where required by law or other specified urgent reasons, data is shared without the need for an ISA, and without an individuals knowledge or consent.
Examples include emergency situations, crime prevention, and tax collection.
An emergency includes:
The council will share personal data without an individual’s knowledge or consent in limited circumstances. For example:
When sharing with police and enforcement agencies we will require a written request detailing the reason why the disclosure is necessary to achieve the purpose in accordance with the limited grounds as set out above.
All the circumstances of the individual case will be considered when exercising professional judgment in balancing what is required to achieve a legitimate purpose with any interference with the individual’s right to respect for private and family life.
Any decision to disclose should be justified and proportionate, and the minimum amount of data required to achieve the aim of the sharing.
A record will be made of each individual decision to share personal data.
This record shall be made and retained by the officer making the disclosure in accordance with arrangements agreed with the Information Asset Owner. Such records shall be available for inspection by the council’s Data Protection Officer.
It may not always be possible to document the sharing in an emergency or time dependent situation however a record will be made as soon as possible.
Sharing children’s data carries higher risks compared to processing adults’ data.
We share children’s data only when there’s a compelling reason, considering the child’s best interests.
In high-risk cases, the council will conduct a Data Protection Impact Assessment (DPIA) to assess and mitigate risks to children’s rights and freedoms resulting from systematic data sharing.
High-risk cases involve sensitive data or specific circumstances where a child is exposed to significant harm.
To ensure due diligence, the council will perform checks on recipients before sharing children’s data. If we foresee detrimental or unfair use of the data, we refrain from sharing.
When planning systematic data sharing, we will assess whether a DPIA is necessary by utilising the DPIA screening tool.
If data sharing involves situations where an individual is at high risk of significant harm, we will conduct a DPIA.
When sharing data for law enforcement purposes, such as preventing, investigating, detecting, or prosecuting criminal offenses related to trading standards, fire safety risks, highway matters, planning contraventions, non-school attendance, and waste disposal, we follow the guidelines outlined in Part 3 of the Data Protection Act 2018 (DPA 2018).
We share data only with consent or when necessary for task performance.
If the shared data includes special category data, we adhere to our policy and share it only with individual consent or when strictly necessary for law enforcement purposes, meeting the conditions specified in Schedule 8 of the DPA 2018.
Will have due regard to data protection matters, and liaise with line management and, where necessary, the Information Asset Owner, when establishing data sharing arrangements.
All staff and council workers will ensure that they undertake their mandatory data protection training on an annual basis.
These individuals are responsible for implementing secure data sharing procedures within their services.
They must ensure proper information security and compliance.
Will develop and share policies, procedures and best practice.
The Board will monitor compliance with this policy.
The Board may delegate such responsibilities to its operational working groups.
The DPO has operational responsibility for monitoring data sharing matters across the council.
If an elected member accesses and processes personal information on behalf of the council, they must comply with the council’s registration and this policy.
Policy owner: Marc Eyre, Service Manager for Assurance (Chair of Operational Information Governance Group).
Date approved: Strategic Information Governance Board – 19 September 2024.
Review date: September 2027.