When officials or organizations in the public domain exchange information on individuals, the privacy and the protection of personal data is at stake. Nevertheless, they have to exchange information and data on individuals in order to "do the right things" regarding these persons; for example suspects or convicts, children in child protection-cases, aliens, patients in public health care situations. The danger of violation of these rights is even greater when information is exchanged between officials from various disciplines or chains. And likewise when the exchange is not incidental (related to one specific case), but structural and automated, i.e. not between officials but between computer systems (databases). Safeguards have to be taken to minimize the violation of the rights of privacy and data protection. In this article it is argued that privacy by design can help control the risks, both within chains and when chains intersect. At first sight, from an efficiency viewpoint and the "need to share" it might seem attractive to match the identifying personal data on subjects as widely as possible (for example store them in one database, which is accessible for all officials or organizations involved). This results, however, in too broad a collection of data, beyond the "need to know", and, therefore, is unnecessary and illegitimate. Identifying personal data should in principle not be matched structurally across chains, but only when necessary in a specific case or when explicitly allowed or prescribed or implicitly required by law.