Ways to meet our expectations:

• Ensure written data sharing agreements are detailed enough to meet the requirements of the data sharing code.
• Ensure data sharing agreements are signed off by senior management.
• Train teams involved in configuring or generating bulk personal information transfers appropriately. 
• Ensure these teams clearly understand the authorisation processes, prior to releasing any information or adjusting existing data sets.
• Develop an approval process for adjustments to existing data sets before changes are actioned. Evidence the change management process. 
• Clearly define the specific roles that have the authority to configure or generate data sets for release to data sharing partners. 
• Clearly define the specific roles that have the authority to release information to sharing partners. 
• Tell sharing partners: 
• the source of the information; 
• the lawful basis you obtained it on;
• how you initially collected it; and 
• what you told people at the time about the purposes you are processing it for.
• Implement processes to monitor platforms and other data sharing mechanisms and ensure they are functioning as they should.

Options to consider:

• Pseudonymise or anonymise information within the database or list, where possible.
• Encrypt the information in transit.
• Regularly review how appropriate it is to share the data sets for the purpose.