Protecting adults at risk in London: Good practice resource

Information sharing: A summary of the legal framework

The main legal framework relating to the protection of personal information is set out in:

Here we summarise these pieces of legislation and others; however, legal advice needs to be sought for a more detailed interpretation of the main requirements of each.

There is no general statutory power to share information, just as there is no general power to obtain, hold or process data. Some Acts of Parliament give public bodies express statutory powers to share information. These are often referred to as ‘statutory gateways’ and provide for the sharing of information for particular purposes. These gateways may be permissive or mandatory.

Where there is no express statutory power to share information it may still be possible to imply such a power from the other duties and powers public bodies have. Many activities of statutory bodies will be carried out as a result of implied statutory powers, particularly as it may be difficult to expressly define all the numerous activities that a public body may carry out in the process of delivering its main duties and exercising its powers.

Having express or implied statutory powers in any particular case does not mean that the Human Rights Act 1998, the common law duty of confidentiality and the Data Protection Act 1998 can be disregarded. Where a statutory gateway explicitly removes the need to consider confidentiality, then confidential information can be shared; however, this will be rare and will apply in limited circumstances. Where there are implied powers you need to consider the language of the gateway and the surrounding circumstances.