Information handling policy

Information sharing

Before sharing information, particularly sensitive information or personal data, you must:

• be satisfied that the request has come from a legitimate source
• if necessary, have taken steps to validate the authenticity of the request
• ensure you are clear on the purpose for which the information is being requested
• ensure you are clear on what is being requested
• where personal data is requested, ensure you have a legal gateway that allows the council to share it
• be satisfied that the request is reasonable and fair, and it is clear why sharing is necessary in relation to the stated purpose
• take reasonable care to avoid oversharing

You may need to document common rules within an information sharing agreement when:

• personal data is being shared to the same partner organisation for an established, repeatable, and agreed purpose
• the sharing normally consists of the same data sets

This must clearly describe both the legal and practical requirements involved. 

When personal data is being provided to a supplier or contracted service you must ensure that the sharing is secure and documented within the relevant contract.

Sharing must occur using corporately authorised solutions.

Information disclosure

When receiving a request to disclose information, you must consider:

• the principles of openness and transparency
• the relevant information legislation

The following requests must be sent to the customer information team:

• requests for disclosure under the Freedom of Information Act or Environmental Information Regulations
• requests by individuals for copies of the personal data we hold about them. This is known as a subject access request under the General Data Protection Regulation