New Data Protection Guidelines on personal data sharing
in the private sector
The guidelines are intended to assist companies understand the legal basis under the Data Protection Acts for sharing the personal data that they hold on customers and potential customers. The guidelines have been prepared in response to a large number of queries received by the Office of the Data Protection Commissioner in recent months in relation to the legal position regarding the sharing of such information.
The guidelines make clear the conditions that must be met before an individual's personal data may be shared among organisations. In essence, the guidelines clarify that the personal data of individuals may only be shared in exceptional circumstances and the routine sharing of personal data is not generally acceptable.
Specifically the guidelines also make clear that the sharing among different entities of any personal data in relation to the commission or alleged commission of a criminal offence is only possible under official authority. In this respect, the Office of the Data Protection Commissioner is currently liaising with An Garda Síochána to clarify how law enforcement efforts (including efforts involving the private sector) can take place in compliance with the Data Protection Acts.