The disclosure of personal information to third parties by my Department occurs only in instances where there is a clear legislative basis to do so, or where this is a requirement as part of the performance of a contract.
In instances where personal data is included in the data to be shared, compliance with the Data Protection legislation is an incumbent part of the process and clearly outlined in the written agreement in place prior to any transfer occurring.
It is the policy of the Department that in instances of processing and sharing data externally, that Department guidelines must be adhered to through written agreements. These agreements include a number of key points such as:
- the purpose for which the data is to be shared;
- the security arrangements that will be in place to protect this data;
- contract termination dates;
- the arrangements for the destruction of data once the processing/contract is complete.
Concerning the sharing of data (including personal data) with commercial operators or service providers through the execution of goods or services contracts put in place following procurement, my Department primarily uses the contract templates and confidentiality agreement templates issued by the Office of Government Procurement (OGP). These templates contain data protection clauses and schedules which serve to ensure that the contractual relationship is compliant with data protection obligations. The Department has also developed a suite of contract and confidentiality agreement templates for low-value goods and services procurements. These templates contain identical data protection clauses and schedules to those contained in the templates issued by the Office of Government Procurement. In addition, where restricted information may be required to be shared, an additional confidentiality agreement document in addition to the OGP suite of templates is required. These agreements are in place, inter alia, with third parties involved in ensuring food safety and authenticity within the Agri food sector.
My Department has also successfully achieved and continues to maintain ISO 27001/2013 Information Security Certification which further supports its commitment to the protection of all data in its possession.