Robert Dowds (Dublin Mid West, Labour)
Link to this: Individually | In context | Oireachtas source

209. To ask the Minister for Children and Youth Affairs his views on the way data protection affects the sharing of information between Tusla and the Health Service Executive; and if consent given to one entity is considered sufficient to cover interactions with both entities where a patient is shared. [27508/14]

Charles Flanagan (Laois-Offaly, Fine Gael)
Link to this: Individually | In context | Oireachtas source

The Child and Family Agency has responsibilities under the Data Protection Acts 1988 and 2003 and the Freedom of Information Acts 1997 and 2003. The Agency is a registered body with the Office of the Data Protection Commissioner and its details have been entered in the Public Register. The Agency's responsibilities under Data Protection legislation are independent of the Health Service Executive and any other bodies, and the Agency exercises its legal responsibilities accordingly.

The Data Protection legislation ensures that the public have specific legal rights to seek access to their personal information and to reasons for decisions which affect them. The Child and Family Agency is fully aware of its responsibility to ensure that personal records and information are kept accurate and up to date, kept safe and secure and provided to individuals when they request them.

The Child and Family Agency creates, collects and processes a vast amount of data in multiple formats. The Agency has a responsibility to ensure that this data is obtained fairly, recorded correctly, used and shared both appropriately and legally and stored securely. Where consent is used as the basis for processing of an individual’s personal information, he or she can give informed  consent to the sharing of information between different data controllers.  However, consent is only one of the grounds for the sharing of information between statutory bodies.  They can, independently of consent, share information where it is necessary for the performance of their statutory functions.  For completeness, it should be made clear that, in a legal sense, the Data Protection Acts do not refer to sharing per se but to the disclosure of information between data controllers which in an everyday sense is sharing of such information.