Last reviewed on
Many commonly confuse data protection legislation and its associated rights of privacy for the aggressor to supersede those of the worker believing personal information cannot be shared.
Organisations are often faced with the need to balance client’s rights with the responsibility to protect staff from the potential of violent or aggressive behaviour from service users. In these circumstances staff need information to be able to make informed judgments about how to safely approach differing situations.
It is often believed that data protection legislation protects the rights of the aggressor and takes priority over the rights of the worker, and that personal information cannot and must not be shared. Yet, the sharing of personal information is often essential to provide a level of awareness to staff within an organisation, and sometimes in other organisations, to enable them to make an adequate risk assessment for their own safety.
The Data Protection Act 1998 (DPA) is not a barrier to sharing information. It is intended to form the basis of data management. Further information about the DPA is available from the Information Commissioner’s Office website www.ico.gov.uk.
Where there is concern about the behaviour of service users or customers and to protect staff organisations can share information with other organisations as long as these comply with legislation and this is done in a fair and lawful manner.
Any information collected must be used fairly and transparently and must:
It is crucial that the process is simple, clear and genuinely informative, telling people:
There is a fundamental difference between telling a person how you’re going to use their personal information and getting their consent to this. In many cases involving service users positive agreement will be needed.
In such cases, choice is not an issue, because the individual cannot expect to receive what he or she has asked for unless any necessary processing of personal information takes place.
Even if individuals have no real choice, the collection of information about them still has to be fair and transparent. A privacy notice can be used to make sure that this is the case.
An organisation’s decision to share information doesn’t negate its duty to treat people fairly. This means that prior to sharing information, the organisation holding it must consider carefully what any recipient organisation is going to do with the information, and what the effect on people is likely to be. It is good practice to obtain an written assurance about this. Once information is shared with another organisation the disclosing organisation cannot restrict its use unless the disclosure is subject to a legally binding agreement.
It is unfair and misleading to keep or share information that isn’t accurate or up to date. It is good practice therefore to keep this under regular review to check for accuracy and rectify any mistakes.
The benefits of a good policy which staff understand will improve trust and relationships with staff who know the process and the reasons behind it and reduce the risk of queries, complaints and disputes about the use of personal information.
NewsletterTo be kept up to date with our services and activities, please subscribe to our newsletter by filling this form