INFORMATION SHARING
AGREEMENT
[TITLE]
[REFERENCE]
[RELEVANT DATE]
IS Toolkit Scotland
Page 1 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
Contents
1
Parties, Scope and Purpose ............................................................................. 4
1.1
Name and details of the parties who agree to share information .................. 4
1.2
Business and legislative drivers. ................................................................... 4
2
Description of the information to be shared ................................................... 5
3
Description and manner of information sharing ............................................ 5
4
3.1
Data flows ..................................................................................................... 5
3.2
How data/information is to be accessed, processed and used ..................... 6
Impact assessments and preparatory work ................................................... 6
4.1 Actions and countermeasures agreed from the impact assessment and
preparatory work. .................................................................................................... 6
5
6
7
8
9
Fair processing ................................................................................................. 6
5.1
List of relevant Fair Processing Notice(s) ...................................................... 6
5.2
Impact on people interests ............................................................................ 6
5.3
Consent decisions ......................................................................................... 7
Accuracy of the information............................................................................. 7
6.1
Agreed steps to ensure the accuracy of any data shared. ............................ 7
6.2
Agreed arrangements for any challenges to the accuracy of information ...... 7
Data retention .................................................................................................... 7
7.1
Retention periods and purpose. .................................................................... 7
7.2
Secure disposal of information ...................................................................... 7
The rights of individuals ................................................................................... 7
8.1
Subject access request, FOIs and Objection to processing .......................... 7
8.2
Direct Marketing ............................................................................................ 8
8.3
Automated decisions ..................................................................................... 8
Security .............................................................................................................. 8
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 2 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
10 International transfers of personal data .......................................................... 9
10.1 List of countries where the data will be transferred to (if applicable). ............ 9
10.2 Reasons for transferring personal data outside the UK. ................................ 9
10.3 Exceptions..................................................................................................... 9
11 Implementation of the information sharing agreement ................................. 9
11.1 Dates when information sharing commences/ends ....................................... 9
11.2 Training and communications ..................................................................... 10
11.3 Information sharing instructions and security controls ................................. 10
11.4 Publication and transparency ...................................................................... 10
11.5 Non-routine information sharing and exceptional circumstances ................ 10
11.6 Monitoring, review and continuous improvement ........................................ 10
11.7 Sharing experience and continuous improvement ...................................... 10
12 Sign-off and responsibilities .......................................................................... 10
12.1 Name of accountable officer(s) ................................................................... 10
12.2 Lead practitioner ......................................................................................... 11
12.3 Signatories .................................................................................................. 11
12.4 Sign off ........................................................................................................ 13
13 Appendix 1 List of Work instructions, policies and procedures................. 14
14 Appendix 2 Data items and adequacy ........................................................... 15
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 3 of 15
INFORMATION SHARING AGREEMENT TITLE
1
1.1
Parties, Scope and Purpose
Name and details of the parties who agree to share information
Legal name of parties to
ISA
1.2
Reference
Short name of the
party
Head Office address
ICO
Registration
Business and legislative drivers.
>
1.2.1 Purpose of the information sharing
Purpose description
Primary or
secondary purpose
Indicate how the data controllers will
decide upon changes in the purposes of
the sharing
Jointly or independently
The instructions for reaching agreement on changes in the purposes of the sharing is
described in the [Name of the Instructions] listed in Appendix 1 Instructions.
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 4 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
1.2.2 Legal basis for the processing and constraints
>
If sharing personal data:
Schedule 2 conditions met
2
Schedule 3 conditions met
Description of the information to be shared
Data category
Data Controller status
PD*
(*) PD – Personal Data as defined within the Data Protection Act 1998.
The parties agree this is the minimum amount of data needed to properly fulfil the
purposes of this agreement.
Appendix 2 (Data items and adequacy), contains the list of all relevant data
items/fields which it has been agreed can be shared under this ISA, indicating the
source and the recipients, and any relevant supporting statement for information
that may raise questions on data minimisation.
3
3.1
Description and manner of information sharing
Data flows
>
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 5 of 15
INFORMATION SHARING AGREEMENT TITLE
3.2
Reference
How data/information is to be accessed, processed and used
Associated work
Data use description
instructions, policy or
procedure (listed in
Appendix 1) If applicable
4
Impact assessments and preparatory work
>
4.1
Actions and countermeasures agreed from the impact assessment and
preparatory work.
>
5
Fair processing
>
5.1
List of relevant Fair Processing Notice(s)

5.2
Impact on people interests
Agreed arrangements to minimise impact of the sharing of information on the
interests of the people concerned – as a group and individually.
Impact description
Information sharing agreement
IS Toolkit Scotland
Control measure
[RELEVANT DATE]
Page 6 of 15
INFORMATION SHARING AGREEMENT TITLE
5.3
Reference
Consent decisions
>
6
Accuracy of the information
6.1
Agreed steps to ensure the accuracy of any data shared.
>
6.2
Agreed arrangements for any challenges to the accuracy of information
>
7
Data retention
7.1
Retention periods and purpose.
>
7.2
Secure disposal of information
>
8
The rights of individuals
8.1
Subject access request, FOIs and Objection to processing
>
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 7 of 15
INFORMATION SHARING AGREEMENT TITLE
8.2
Reference
Direct Marketing
[ ] Direct marketing is involved in this agreement
Description
>
8.3
Automated decisions
[ ] Automated decisions are involved in this agreement – in the context of this
agreement, “Automated decisions” refer to decisions made using shared information
with no human intervention.
Description
>
9
Security
[ ] A relevant Risk Assessment dated [INSERT DATE] is available and listed in
Appendix 1.
The security measures put in place across the parties ensure that:
[ ]
only authorised individuals can access, alter, disclose or destroy data. This is
achieved through the following work instructions, policies and procedures (also
listed in Appendix 1):
[
] authorised individuals act only within the scope of their authority. This is
achieved through the following work instructions, policies and procedures (also
listed in Appendix 1):
[
] if personal data is accidentally lost, altered or destroyed, it can be recovered to
prevent any damage or distress to the individuals concerned. This is achieved
through the following work instructions, policies and procedures (also listed in
Appendix 1):
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 8 of 15
INFORMATION SHARING AGREEMENT TITLE
The security controls applicable by
each organisation will be:
Reference
Jointly agreed between the
parties
Independently decided by
each party
10 International transfers of personal data
Personal data shared in line with
this agreement will be transferred
to
EEA countries only
Out with EEA
Will not be transferred
outside the UK
10.1 List of countries where the data will be transferred to (if applicable).

10.2 Reasons for transferring personal data outside the UK.

10.3 Exceptions
Consent
Contract performance or it is in the interest of the individual
Substantial public interest
Vital interests
Public registers
Legal proceedings or advice
11 Implementation of the information sharing agreement
11.1 Dates when information sharing commences/ends
>
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 9 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
11.2 Training and communications
>
11.3 Information sharing instructions and security controls
All relevant information sharing instructions, including but not exclusively any work
instructions, policies or procedures, are listed in Appendix 1 and accepted by all
parties.
11.4 Publication and transparency
>
11.5 Non-routine information sharing and exceptional circumstances
>
11.6 Monitoring, review and continuous improvement
>
11.7 Sharing experience and continuous improvement
>
12 Sign-off and responsibilities
12.1 Name of accountable officer(s)
Accountable Officer Name
Post title
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Organisation
Page 10 of 15
INFORMATION SHARING AGREEMENT TITLE
Senior Information Risk
Owner Name
Reference
Post title
Organisation
Lead IG Practitioner Name Post title
Organisation
12.2 Lead practitioner
12.3
Signatories
Name of Parties to ISA
Authorised signatories to
ISA
Title /Name
Role
Head Office address
Centre of Excellence Registration Date
Name of Parties to ISA
Authorised signatories to
ISA
Title /Name
Role
Head Office address
Centre of Excellence Registration Date
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 11 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
Name of Parties to ISA
Authorised signatories to
ISA
Title /Name
Role
Head Office address
Centre of Excellence Registration Date
Name of Parties to ISA
Authorised signatories to
ISA
Title /Name
Role
Head Office address
Centre of Excellence Registration Date
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 12 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
12.4 Sign off
"We the undersigned agree to the details recorded in this Information Sharing
Agreement; are satisfied that our representatives have carried out the preparatory
work set out in the Information Sharing Tool-kit for Scotland and are committed to
the ongoing monitoring and review of the scope, purpose and manner of the
information sharing."
Signature
Signature
Name
Name
Date
Date
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Page 13 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
13 Appendix 1 List of Work instructions, policies and procedures
Work instructions title
Organisation
Information sharing agreement
IS Toolkit Scotland
[RELEVANT DATE]
Hyperlink
Page 14 of 15
INFORMATION SHARING AGREEMENT TITLE
Reference
14 Appendix 2 Data items and adequacy
Data Item
source
Information sharing agreement
IS Toolkit Scotland
recipients
Data
minimisation
justification
[RELEVANT DATE]
For data
linkage only
Page 15 of 15