Consent
An individual’s consent will normally overcome all barriers to information sharing.
When seeking to exchange personal or personal sensitive data the explicit consent
of the individual concerned should normally be obtained.
Consent can be given orally or in writing. The need to be able to audit and monitor
information exchanges suggests that wherever possible consent should be given in writing
or where it is given orally, a note of the relevant details date and time should be
recorded.
The European Data Protection Directive defines consent as
"any freely given specific or informed indication of [his/hers] wishes by which
the data subject signifies [his/hers agreement to personal data relating to him being
processed]."
In obtaining consent this must be clearly and freely given and should not be:
inferred
provided on the basis of misinformation or misleading statements
buried in small print or the implications otherwise disguised
provided under duress except where any duress is due to the proper conduct
of the organisations/agencies proper functions
Where possible, the data subject should be made aware of how long the information
you obtain is likely to be held and certainly if it is held for an indefinite period.
As a general rule, there would seem to be much greater scope for routinely requesting
consent in relation to crime & disorder activities. Where consent is not provided
it may still be possible to exchange certain types of information, although there
would seem to be more scope for work.
Back
to Vires and Intravires
|
