Third-party disclosure requests

In most cases, we cannot share personal information with third parties under Data Protection legislation.

However, Schedule 2 of the Data Protection Act 2018 removes specific UK GDPR duties that might otherwise prevent us from releasing information in certain circumstances, including:

• crime prevention or detection
• taxation purposes
• legal proceedings
• safeguarding or other legal duties

Submitting a request does not guarantee that information will be disclosed. We must be satisfied that the request meets a lawful basis for processing under Article 6 of the UK GDPR and may ask for further information before making a decision.

We cannot provide legal advice to external organisations or individuals. You are responsible for ensuring you have the appropriate legal authority for your request.

Who can submit a request

Organisations that may request personal information from us include:

• Police
• government departments
• other local authorities
• legal representatives
• safeguarding agencies

If you are requesting:

• your own personal information, make a Subject Access Request (SAR).
• general council information, make a Freedom of Information (FOI) or Environmental Information Regulations (EIR) request.

Before you start

If you already have a completed request form or a Data Sharing Agreement (DSA), you can upload it at the start of the process and skip certain sections of the online form.

Your uploaded document must:

• be in PDF format
• be on official letterhead
• explain the reason for the request
• include the lawful basis and any relevant legislation, legal power or statutory duty supporting the request
• include details of any relevant Schedule 2 exemption, where applicable
• be dated
• include senior officer or manager authorisation

If the uploaded document does not contain all the information we need, we may contact you for further details.

Complete the online form

If you do not have a completed request form, you will need to complete all sections of the online form and provide the same information listed above, including:

• organisation details and an official organisation email address
• details of the person you are requesting information about
• the lawful basis and any relevant legislation, legal power or statutory duty supporting the request
• contact details for the senior officer or manager authorising the request
• any supporting documents relevant to your request

Submit a third-party disclosure request

What happens next

After you submit your request:

1. You will receive a confirmation email with a case reference number.
2. We may contact your authorising officer to verify approval.
3. The request will be reviewed by the Information Governance or Digital and IT team.
4. If valid, the request will be assigned to the relevant service area for response.

We aim to respond within 1 calendar month from the date all required information is received. If additional information is needed, the response timeframe may be paused until this is provided.

We may refuse requests where:

• there is no valid lawful basis for disclosure
• insufficient information is provided
• authorisation cannot be verified
• the request does not meet Data Protection Act 2018 or UK GDPR requirements

Contact us

Information Governance Team

Email: dataprotection@hounslow.gov.uk