Overarching Information Sharing Protocol for Buckinghamshire
1. Introduction
This document is an Overarching Information Sharing Protocol for public service and voluntary
sector organisations in Buckinghamshire and replaces the previous 2005 version.
It forms an agreement for partner organisations, setting out a vision for information sharing and
principles under which data sharing agreements can be drawn up.
Subsidiary (subject specific) information sharing protocols may also be set up to govern the
sharing of information for specific projects, (a two tier framework). In addition, there will also be
data sharing agreements that detail specific issues relating to the sharing of a dataset e.g. who
owns the dataset, frequency to be shared, reason for sharing.
It will be available to the public.
A number of subject specific information sharing protocols or agreements have already been
developed in Buckinghamshire. These set out the detail required to guide the operational sharing
of information between organisations for the specific purposes for which they were designed.
The individual protocols or agreements will set out details relating to:





What information is to be shared
Who information is to be shared with, when and why
Procedures for sharing information including formats
Other issues including if any specific training is required and how complaints and/or breaches
of the agreement will be managed
Measurable outcomes that could be delivered as a result of that protocol.
Project specific protocols may be drawn up to establish data sharing required between
organisations on a multi-agency project team. These may also include a time restriction if the
project’s life is pre-determined.
All organisations currently involved in one or more of the existing subject-specific protocols or who
will be involved in future protocols will by implication also abide by this overarching protocol.
All partners will be expected to promote staff awareness of the requirements of information
sharing. This will be supported by the production of appropriate guidelines, where required. These
guidelines will be made available to all employees via the partners Intranet sites and/or via other
communication media.
This protocol relates to organisations working within the administrative county boundary of
Buckinghamshire. Thames Valley Police work across a larger region, therefore this protocol will
form the second layer in their framework with a protocol covering the whole of the Thames Valley
area sitting above. Other organisations who work within wider boundaries may also need to
address this.
2. Information covered
This Protocol refers to:


All personally identifiable information processed by the organisations in electronic (e.g.
computer systems, CCTV, Audio) or in manual records.
Aggregated and anonymous data
3. Terms used
A glossary of the terminology used in this document appears in Appendix 1.
4. Vision & Principles
4.1 The Vision for Information Sharing in Buckinghamshire
Our vision is to create: An information sharing culture in which all services work together to deliver
better outcomes for the residents of and visitors to Buckinghamshire.
4.2 Principles of Information Sharing
4.2.1 Culture





A culture will be developed that empowers us to break down barriers, rather than be
protectionist. The direction for this should come from the top.
A presumption that each organisation and individuals will share information where this will
achieve one or more of the benefits set out in this protocol, unless there are compelling
reasons why not.
Information sharing will operate within existing ethical and legal frameworks to ensure that the
rights of the individual are not disadvantaged in any way.
In sharing information, the individual’s rights will be balanced against wider benefits (in
accordance with legislation referred to in section 5).
Each organisation will support employees, if challenged, where they have made a decision to
share information in accordance with the spirit of this protocol and in accordance with specific
information sharing protocols or agreements.
4.2.2 Inter-Agency Working




Each organisation recognises the importance and value of open communication and trust in the
sharing of information.
Each organisation will be proactive in making available information that might assist the
specific or shared priorities of partners.
Each organisation will nominate a senior representative to champion information sharing
internally and to work with partners on the implementation and development of the protocol.
Where information sharing is required each organisation will give undertakings about its
intended use and security.
4.2.3 Implementation












It is expected that information shared will be accurate, have a geographic reference (where
possible and relevant) and will be shared in a timely and secure manner in accordance with
recognised best practice.
Partners supplying information will need to comment on its accuracy and limitations.
Only the minimum information needed will be shared (e.g. post coded information, not
postcode and address).
All organisations will work towards developing common and comprehensible terminology,
processes, boundaries for data collection and standards to facilitate the sharing of information
and the implementation of the protocol.
Information sharing will comply with relevant legislation.
Any other protocols and related agreements about information sharing between the
organisations will be subsidiary to and consistent with this protocol.
Information sharing will be consistent with principles of public accountability and transparency.
Information sharing will be focused around the needs of individuals or communities.
Every organisation should make it a condition of employment that employees will abide by their
rules and policies in relation to the protection and use of confidential information. This condition
should be written into employment contracts and any failure by an individual to follow the policy
should be dealt with in accordance with that organisation’s disciplinary procedures.
Every organisation should ensure that their contracts with external service providers abide by
their rules and policies in relation to the protection and use of confidential information.
Partner organisations should have documented policies for retention, weeding and secure
destruction of information.
Each of the individual protocols will set out how the rights of the individual will be protected.
5. The Legal Framework

All principles, whether derived from existing or future legislation or the common law, governing
the protection and use of information will be adhered to when considering the sharing of
information.
Additional legislation may need to be referred to when sharing specific information and this will
then be set out in the subject-specific information sharing protocols and agreements.
Each individual protocol should include details of an individual who ‘holds’ data for the purposes of
the Freedom of Information Act.
6. Benefits of Information Sharing
This overarching protocol proposes the increased sharing of information between public sector
agencies in order to generate a range of benefits. These benefits largely fall into three categories:



Information which enables us to target our resources more effectively;
Information which enables us to improve our services to our customers;
Information which improves our intelligence, helping us to protect the most vulnerable in our
communities.
6.1 Targeting Resources
Information to improve the targeting of resources will typically be statistical information which will
help to identify problems within communities and to focus attention in specific geographic locations.
For example:



Identifying crime incident ‘hotspots’ can lead to increased policing in problem areas and
increased community development activity by local authorities;
Identifying litter or graffiti ‘hotspots’ can lead to an increased focus on those areas by litter
picking and graffiti removal teams, as well as increased Police Community Support Officer
presence;
Areas of high levels of anti-social behaviour might be addressed by investing in specific
facilities in that area.
6.2 Improving Customer Services
Sharing information about our customers will enable us to have a more complete picture of their
needs, will support the provision of more joined up services and may enable services to be offered
which provide more effective assistance to customers. Examples might include:


Promoting free school meals or other benefits to those in receipt of housing benefit;
Providing a more tailored refuse collection service for those who have difficulty in placing their
bins out for collection;
6.3 Protecting the Vulnerable
There is a need to be more effective in sharing information about individuals who are at risk or
vulnerable. This will, however, involve the most sensitive and confidential information, and the
greatest care will need to be taken in this area. Examples might include:



Casework conferences involving several agencies in order to agree actions which will help to
protect a vulnerable individual;
Sharing information on potentially violent individuals to enable our employees to take suitable
precautions when contacting them for official reasons;
Developing packages of care and support that cross over a range of agencies in order to
ensure that the optimum level of support is available to those in most need.
7. Restrictions on Use of Information Shared
Information must only be used for the purpose(s) specified when the agreement to share was
made (details will be set out in the subject specific information sharing protocols).
It must not be used for any other purpose without the permission of the person/service who
supplied the data or from the relevant data subject(s). (Consent to share information must be
provided by the person to whom the information relates, unless obtaining that consent puts others
at risk. Consent must be informed and regularly reviewed.)
8. Responsibilities of Organisations and Individuals
8.1 Responsibilities of Organisations
Each partner organisation is responsible for ensuring that their organisational and security
measures protect the lawful use of information shared under this Protocol.
Partner organisations will comply with the security levels on supplied information and handle the
information accordingly.
Partner organisations accept responsibility for independently or jointly auditing compliance with the
individual protocols they are involved in.
The Partner organisation originally supplying the information (and the person to whom the
information relates) should be notified of any breach of confidentiality or incident involving a risk or
breach of the security of information.
8.2 Responsibilities of Individuals
Every individual, employee or representative working for the organisations listed in this document
is personally responsible for the safekeeping of any information they obtain, handle, use and
disclose.
Every individual should be aware that any violation of privacy or breach of confidentiality is
unlawful and may result in disciplinary action.
Every individual should know how to obtain, use and share information they legitimately need to do
their job.
Every individual should uphold the general principles of confidentiality follow the rules laid down in
the protocols and seek advice when necessary.
If an individual feels that the information available to them is inadequate for them to do their job, it
is their responsibility to flag this up.
Every individual should undertake not to access or disclose information where they have no
legitimate reason to do so.
Every individual should refer to individual data sharing agreements for additional specific
responsibilities.
9. Governance and Compliance
All organisations recognise that difficulties will inevitably occur with information sharing, but
undertake to resolve problems as they arise constructively and speedily. Individual protocols
should include arrangements to allow them to be assessed.
10. Review Schedule
Representatives of the Bucks Strategic Partnership will review this Overarching Information
Sharing Protocol every 3 years and assess its operation and effectiveness, on behalf of the
Partnership, to secure further improvements in information sharing. It will also be reviewed if/when
relevant updated legislation is published.
Any of the signatories can request an extra review at any time, if they think it is necessary and
provide reasons for the review.
Individual protocols should include details of a review process.
Section 11 is new
11. Partners Involved
Buckinghamshire County Council
Aylesbury Vale District Council
South Bucks District Council
Wycombe District Council
Chiltern District Council
Thames Valley Police
Thames Valley Probation
HMIC
NHS Buckinghamshire
Buckinghamshire Healthcare NHS Trust
Bucks and Milton Keynes Fire & Rescue Service
Community Impact Bucks
Bucks Community Foundation
Bucks Sport
Action 4 Youth
Citizens Advice Bureau
Job Centre Plus
Bucks Business First
OFSTED
Appendix 1
Glossary/interpretation

Anonymous data – data which no longer includes a means of identifying an individual.

CCTV – close circuit television

Communities – A group of people living in the same geographical location or who share
common characteristics or interests.

Disclosure – the passing of information from the data owner to another
organisation/individual

Duty of Confidentiality – Safeguarding personal information that was provided in
confidence.

Geographic Reference – The location where an incident took place or the area which
data is attributed to

Local Area Agreement – A three year agreement setting outcomes and targets for local
priorities agreed between central government and a local area represented by the
County Council on behalf of all local key partners.

Local Public Service Agreement – A three year contract between central government
and a local area to deliver stretching targets related to local priorities.

Personally Identifiable Data – data relating to an individual (living or dead) who can be
identified.

Purpose – the use/reason for which information is stored or processed

Sensitive Personal Data – data concerning racial origin, politics, Trade Union activity,
health, sexuality, offending, religion etc.