[F126BVoluntary disclosure of data to Audit ScotlandS
(1)For the purposes of a data matching exercise, any person may disclose data to Audit Scotland (or a person acting on its behalf).
(2)Such disclosure does not breach—
(a)any duty of confidentiality owed by the person making the disclosure, or
(b)any other restriction on the disclosure of data.
(3)Nothing in this section authorises a disclosure—
(a)which contravenes [F2the data protection legislation] ,
[F3(b)which is prohibited by any of Parts 1 to 7 or Chapter 1 of Part 9 of the Investigatory Powers Act 2016,]
(c)of data comprising or including patient data.
(4)“Patient data” means data relating to an individual which is held for medical purposes and from which the individual can be identified.
(5)“Medical purposes” are the purposes of—
(a)preventative medicine,
(b)medical diagnosis,
(c)medical research,
(d)the provision of care and treatment,
(e)the management of health and social care services, and
(f)informing individuals about their physical or mental health or condition, the diagnosis of their condition or their care and treatment.
(6)Nothing in this section prevents disclosure of data under any other provision of this Act, another enactment or any rule of law.
(7)Data matching exercises may include data disclosed by a person outside Scotland.]
Textual Amendments
F1Pt. 2A (ss. 26A-26G) inserted (6.10.2010) by Criminal Justice and Licensing (Scotland) Act 2010 (asp 13), ss. 97(3), 206(1); S.S.I. 2010/339, art. 2
F2Words in s. 26B(3)(a) substituted (25.5.2018) by Data Protection Act 2018 (c. 12), s. 212(1), Sch. 19 para. 67 (with ss. 117, 209, 210); S.I. 2018/625, reg. 2(1)(g)
F3S. 26B(3)(b) substituted (27.6.2018) by Investigatory Powers Act 2016 (c. 25), s. 272(1), Sch. 10 para. 8(2) (with Sch. 9 paras. 7, 8, 10); S.I. 2018/652, reg. 12(g)(iii)