Information should always be shared securely and in accordance with organisational policies and local arrangements. This guidance, however, should be used to inform practice:

Information may be shared verbally, either face-to-face, e.g. in meetings, or on the telephone. 

  • Where information is shared verbally, it should be recorded accurately as soon as possible. Meetings should be recorded in minutes that are agreed by the attendees present. Care must be taken to record and denote information clearly as fact, statement or opinion and to attribute any statement or opinion to the owner. All information should be recorded in such a way that it can be used as evidence in court, should that be required at a later date. 

Information can be shared in written communications (for example: forms, minutes, letters, statements or reports) transferred through (1) an internal or external mail service; (2) an encrypted electronic digital media device; or (3) a secure email system:

  • All hard copy written communications containing confidential information should be transferred in a sealed envelope and addressed by name to the designated person within each organisation. The envelope should be clearly marked “Private & Confidential – to be opened by the recipient only”.
  • When files are transferred on electronic digital media devices, the files should be encrypted to an appropriate standard, with decryption keys/passwords supplied separately.
  • When confidential information is sent by email, it should be sent and received using secure email addresses, to ensure encryption of information in transit. If a secure email system is not used, the sender should ensure the email is encrypted and/or password protected. 

Always document the reasons for sharing, or not sharing, personal data, including: 

  • the reasons for sharing, or not sharing, the personal data;
  • who it was shared with;
  • when it was shared; and
  • what the lawful basis for sharing is.

Your organisation will have its own means of, and policy for, recording data which should be followed.
