84 When considering what information should be recorded the following questions are a guide: What information do staff need to know to provide a high-quality response to the adult concerned? What information do staff need to know to keep adults safe under the services duty to protect them? What information is not necessary? What is the basis for any decision to share (or not) information with a third party? It is the responsibility of individuals identified within each organisation to maintain accurate documentation outlining why information was shared or not. 9. Restrictions on the use of shared personal information Information would be restricted by any partner agency if deemed not to be in the best interest of the adult at risk. The data shared with partners must not be disclosed to any unauthorised third parties. 10. Breaches of confidentiality Any breaches will be managed by the partner agency’s Information Governance Policy and GDPR and reported to the Caldicott Guardian/Data Protection Lead within 72 hours of being made aware of the breach. Note about Legitimate Interest This category requires a person (who wants to use the information) to explain the purpose and justify why it is a Legitimate Interest in addition to having to demonstrate the necessity of the processing. The onus is also on the person being able to ensure – and demonstrate – that the interests are balanced. It may be harder to demonstrate compliance as there is more scope for disagreement over the outcome of the balancing test. The person needs to be able to clearly justify the decision that the balance favours processing the data. If it is intended to rely on legitimate interests there needs to be confidence about taking on the responsibility of protecting the interests of the adult. If it is more appropriate to put the onus on individuals to take responsibility for the use of their data, then it may be better to consider whether consent would be a more appropriate lawful basis. Relying on legitimate interests also requires more work because it needs to be clearly explained in the organisation’s privacy policy what the legitimate interests of the processing are. It will also be necessary to apply the three-part test to use legitimate interest: It makes most sense to apply this as a test in the following order: Purpose test – is there a legitimate interest behind the processing? Necessity test – is the processing necessary for that purpose? Balancing test – is the legitimate interest overridden by the adult’s interests, rights or freedoms
RkJQdWJsaXNoZXIy NTIyMzU=