Scottish Government records management plan

Element 14: Shared Information

Information sharing, both within the Authority and with other bodies or individuals, is necessary, lawful and controlled.

The Keeper will expect an authority's RMP to reflect its procedures for sharing information. Authorities who share, or are planning to share, information must provide evidence that they have considered the implications of information sharing on good records management. An authority's arrangements must, for example, take data protection into account and demonstrate robust arrangements for the safe and secure sharing of personal sensitive data.

Information sharing protocols act as high level statements of principles on sharing and associated issues, and provide general guidance to staff on sharing information or disclosing it to another party. It may therefore be necessary for an authority's RMP to include reference to information sharing protocols that govern how the authority will exchange information with others and make provision for appropriate governance procedures.

Specifically the Keeper will expect assurances that an authority's information sharing procedures are clear about the purpose of information sharing which will normally be based on professional obligations. The Keeper will also expect to see a statement regarding the security of transfer of information, or records, between authorities whatever the format.

Issues critical to the good governance of shared information should be clearly set out among parties at the earliest practical stage of the information sharing process. This governance should address accuracy, retention and ownership. The data sharing element of an authority's RMP should explain review procedures, particularly as a response to new legislation.

Best Practice might include:

• The need for, and lawfulness of proposed information sharing, is established before the information is shared.
• Information sharing is documented. This can be by means of an information sharing agreement (ISP) or on an instance by instance basis as appropriate.
• A log of information sharing is retained.
• Information sharing is secure.
• Where personal data is shared, consideration is given to the need for a data protection impact assessment, and any transparency requirements for data subjects.

Read further explanation and guidance about element 14.

Scottish Government Statement

Scottish Government shares data in accordance with Data Protection regulations and the Freedom of Information (Scotland) Act. The organisation has a guide to information approved by the Scottish Information Commissioner. This outlines and links to the information the organisation will routinely publish and make available.

In addition to completing the "Responsible for Information – General User" e-learning course on an annual basis, all staff are provided with guidance concerning the procedures and considerations for electronic and hard copy distribution of information.

Standard data sharing templates are available for staff to use in order to reflect the specific requirements and circumstances for sharing information.

Evidence

E20: Restricting files and documents in eRDM – use of security groups

E23: SG Data Sharing Template and Guidance – Non-Personal data

E24: SG Data Sharing Template and Guidance – Personal data

E31: Security Classifications

E46: Data Sharing Agreement - Between Scottish Government and Fire and Rescue Service

Further Development

No further development at this time.