Public sector IT managers are facing headaches over how to manage personal information stored in back-office systems as data protection legislation grows more confusing, legal experts have warned.
High-profile examples, such as the Soham murder case, have highlighted problems with data protection laws.
System integration has made it easier for organisations to share information. But because of unclear data protection rules many do not know if they are allowed to, said Shelagh Gaskill, head of the information law group at legal firm Masons.
The problem is most acute for public sector bodies. "Here you need statutes in order to share data. Consent doesn't cure a lack of statute," said Gaskill.
Private sector firms, on the other hand, can insist that customers give their consent to data being shared as part of any business transaction, she added.
Statutes provide a legally enshrined exemption from data protection requirements. For example, the police can retain arrest information even in cases that have resulted in no prosecution.
There are also caveats for private sector companies, added Gaskill. They must, for example, ensure their partners safeguard personal data that is shared.
The sheer number of statutes is causing further confusion over when data could be shared, commented Dr Chris Pounder, data protection consultant at Masons.
"The government had promised a data sharing Bill to enable disclosure for a host of purposes, but it appears to have backed away from that approach," he said.
A spokesman for the Department for Constitutional Affairs said no decision had been made on such legislation.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches