Table of Contents
Also see the government guidance: Information sharing: advice for practitioners providing safeguarding services (July 2018)
Sharing information is vital for early intervention to ensure that children with additional needs receive the services they require. It is also essential to protect children from suffering Significant Harm.
There is a positive duty under the Human Rights Act 1998 to protect life (Article 2 of the European Convention on Human Rights) and to protect others from inhuman and degrading treatment (Article 3 of the European Convention of Human Rights). All public authorities must ensure that everything they do promotes these rights and, in circumstances where a child has suffered or is likely to suffer Significant Harm, this includes the sharing of information with others so that the child’s human rights can be protected.
Practitioners are sometimes uncertain about when they can share information lawfully. It is important therefore that they:
- Understand and apply good practice in sharing information at an early stage as part of preventative work;
- Understand what information is and is not confidential, and the need in some circumstances to make a judgement about whether confidential information can be shared, in the public interest, without consent;
- Understand what to do when they have reasonable cause to believe that a child may be suffering, or may be at risk of suffering, Significant Harm and are clear of the circumstances when information can be shared where they judge that a child is at risk of Significant Harm;
- Understand what to do when they have reasonable cause to believe that an adult may be suffering, or may be at risk of suffering, serious harm and are clear of the circumstances when information can be shared where they judge that an adult is at risk of serious harm;
- Are supported by their employer in working through these issues.
Staff in adults’ services are aware that problems faced by those with responsibilities as parents are often likely to affect children and other family members. However this information is not always shared and opportunities to put preventative support in place for the children and the family are missed. Where an adult receiving services is a parent or carer, sharing information with colleagues in children’s services could ensure that any additional support required for their children can be provided early.
You do not need consent to share personal information. It is one way to comply with the data protection legislation but not the only way. This is explored more in the next section of this chapter.
The Concept of Information Sharing & The General Data Protection Regulation (GDPR) and Data Protection Act 2018
Working Together to Safeguard Children 2018 states that:
“Effective sharing of information between practitioners and local organisations and agencies is essential for early identification of need, assessment and service provision to keep children safe. Serious case reviews (now referred to as child safeguarding practice reviews) have highlighted that missed opportunities to record, understand the significance of and share information in a timely manner can have severe consequences for the safety and welfare of children.
“Practitioners should be proactive in sharing information as early as possible to help identify, assess and respond to risks or concerns about the safety and welfare of children, whether this is when problems are first emerging, or where a child is already known to local authority children’s social care (e.g. they are being supported as a child in need or have a child protection plan). Practitioners should be alert to sharing important information about any adults with whom that child has contact, which may impact the child’s safety or welfare.”
Information sharing is also essential for the identification of patterns of behaviour when a child is at risk of going missing or has gone missing, when multiple children appear associated to the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child’s care. It will be for local safeguarding partners to consider how they will build positive relationships with other local areas to ensure that relevant information is shared in a timely and proportionate way.
The Data Protection Act 2018 and General Data Protection Regulations (GDPR) do not prevent, or limit, the sharing of information for the purposes of keeping children and young people safe. Fears about sharing information must not be allowed to stand in the way of the need to promote the welfare and protect the safety of children.
For more information see: Working Together to Safeguard Children 2018 – page 21 – Myth-busting guide to information sharing
Key Points for Workers when Sharing Information
Professionals do not necessarily need the consent of the information subject to share their personal information.
Wherever possible, you should seek consent and be open and honest with the individual from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on. When you gain consent to share information, it must be explicit, and freely given.
There may be some circumstances where it is not appropriate to seek consent, either because the individual cannot give consent, it is not reasonable to obtain consent, or because to gain consent would put a child or young person’s safety or well-being at risk.
Where a decision to share information without consent is made, a record of what has been shared should be kept. The general principle is that information will only be shared with the consent of the subject of the information.
Sharing confidential information without consent will normally be justified in the public interest in the circumstances shown below in Confidentiality and Consent.
The Seven Golden Rules for Information Sharing
- Remember that the General Data Protection Regulation (GDPR), Data Protection Act 2018 and human rights law are not barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately.
- Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
- Seek advice from other practitioners, or your information governance lead, if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible.
- Where possible, share information with consent, and where possible, respect the wishes of those who do not consent to having their information shared. Under the GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful basis to do so, such as where safety may be at risk. You will need to base your judgement on the facts of the case. When you are sharing or requesting personal information from someone, be clear of the basis upon which you are doing so. Where you do not have consent, be mindful that an individual might not expect information to be shared.
- Consider safety and well-being: base your information sharing decisions on considerations of the safety and well-being of the individual and others who may be affected by their actions.
- Necessary, proportionate, relevant, adequate, accurate, timely and secure: ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and upto-date, is shared in a timely fashion, and is shared securely (see principles).
- Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.
Source: Information sharing: advice for practitioners providing safeguarding services (July 2018).
The ‘Seven Golden Rules’ and the following Questions will help support your decision making so you can be more confident that information is being shared legally and professionally. Each situation should be considered on a case-by-case basis. See Information Sharing Flowchart
If you answer ‘not sure’ to any of the questions, seek advice from your supervisor, manager, nominated person within your organisation or area, or from a professional body.
The Information sharing guidance for Practitioners makes a point which should be borne in mind. Information can be held in many different ways, in case records or electronically in a variety of IT systems with access for different professionals. The use of emails in professional communications also raises another mechanism for sharing information other than in direct person to person contact. However the information is shared, it should always be recorded in the individual’s record.
Confidentiality and Consent
Working Together 2018 states that:
Practitioners must have due regard to the relevant data protection principles which allow them to share personal information, as provided for in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). To share information effectively:
- all practitioners should be confident of the processing conditions under the Data Protection Act 2018 and the GDPR which allow them to store and share information for safeguarding purposes, including information which is sensitive and personal, and should be treated as ‘special category personal data’
- where practitioners need to share special category personal data, they should be aware that the Data Protection Act 2018 contains ‘safeguarding of children and individuals at risk’ as a processing condition that allows practitioners to share information. This includes allowing practitioners to share information without consent, if it is not possible to gain consent, it cannot be reasonably expected that a practitioner gains consent, or if to gain consent would place a child at risk.
It is also possible that an overriding public interest would justify disclosure of the information (or that sharing is required by a court order, other legal obligation or statutory exemption). To overcome the common law duty of confidence, the public interest threshold is not necessarily difficult to meet – particularly in emergency situations. Confidential health information carries a higher threshold, but it should still be possible to proceed where the circumstances are serious enough. As is the case for all personal information processing, initial thought needs to be given as to whether the objective can be achieved by limiting the amount of information shared – does all of the personal information need to be shared to achieve the objective?
A Myth Busting Guide to information sharing is avaliable.
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing. The Guardian plays a key role in ensuring that the NHS, Local Authority Social Services Departments and partner organisations satisfy the highest practicable standards for handling patient identifiable information.
The Eight Caldicott Principles
- Justify the purpose(s) for using confidential information;
- Don’t use personal confidential data unless it is absolutely necessary;
- Use the minimum necessary personal confidential data;
- Access to personal confidential data should be on a strict need-to-know basis;
- Everyone with access to personal confidential data should be aware of their responsibilities;
- Comply with the law;
- The duty to share information can be as important as the duty to protect patient confidentiality
- Inform patients and service users about how their confidential information is used
Every local Health Service and Children and Young People’s Directorate has its own Caldicott Guardian, to provide advice and guidance on appropriate information sharing.
National Guidance on Sharing Information
Working Together 2018 states that:
- all organisations and agencies should have arrangements in place that set out clearly the processes and the principles for sharing information. The arrangement should cover how information will be shared within their own organisation/agency; and with others who may be involved in a child’s life.
- all practitioners should not assume that someone else will pass on information that they think may be critical to keeping a child safe. If a practitioner has concerns about a child’s welfare and considers that they may be a child in need or that the child has suffered or is likely to suffer significant harm, then they should share the information with local authority children’s social care and/or the police. All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost
- all practitioners should aim to gain consent to share information, but should be mindful of situations where to do so would place a child at increased risk of harm. Information may be shared without consent if a practitioner has reason to believe that there is good reason to do so, and that the sharing of information will enhance the safeguarding of a child in a timely manner. When decisions are made to share or withhold information, practitioners should record who has been given the information and why
Where there is a clear risk of significant harm to a child, or serious harm to adults, the public interest test will almost certainly be satisfied. However, there will be other cases where practitioners will be justified in sharing some confidential information in order to make decisions on sharing further information or taking action. The information shared should be proportionate. Decisions in this area need to be made by, or with the advice of, people with suitable competence in Child Protection work such as named or designated professionals or senior managers.
The relevant issues for social workers are usually around sharing information where consent has been withheld. There is a public interest defence if sharing information is for the purposes of safeguarding a child or vulnerable person.
Section 115 of the Crime and Disorder Act 1998 establishes:
The power to disclose information is central to the Act’s partnership approach. The Police have an important general power under common law to disclose information for the prevention, detection and reduction of crime. However, some other public bodies that collect information may not previously have had power to disclose it to the Police and others. This section puts beyond doubt the power of any organisation to disclose information to Police authorities, local authorities, Probation Service, Health Authorities, or to persons acting on their behalf, so long as such disclosure is necessary or expedient for the purposes of crime prevention. These bodies also have the power to use this information.
Article 8 in the European Convention on Human Rights states that:
Everyone has the right to respect for his/her private and family life, home and correspondence;
There shall be no interference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of rights and freedoms of others.
The Domestic Violence Disclosure Scheme
The Domestic Violence Disclosure Scheme (DVDS), also known as “Clare’s Law” enables the police to disclose information to a victim or potential victim of domestic abuse about their partner’s or ex-partner’s previous abusive or violent offending. This scheme adds a further dimension to the information sharing about children where there are concerns that domestic violence and abuse is impacting on the care and welfare of the children in the family.
Members of the public can make an application for a disclosure, known as the ‘right to ask’. Anybody can make an enquiry, but information will only be given to someone at risk or a person in a position to safeguard the victim. The scheme is for anyone in an intimate relationship regardless of gender.
Partner agencies can also request disclosure is made of an offender’s past history where it is believed someone is at risk of harm. This is known as ‘right to know’.
If a potentially violent individual is identified as having convictions for violent offences, or information is held about their behaviour which reasonably leads the police and other agencies to believe they pose a risk of harm to their partner, a disclosure will be made.
A disclosure can be made lawfully by the police under the scheme if the disclosure is based on the police’s common law powers to disclose information where it is necessary to prevent crime, and if the disclosure also complies with established case law, as well as data protection and human rights legislation. It must be reasonable and proportionate for the police to make the disclosure, based on a credible risk of violence or harm.
Child Sex Offender Disclosure Scheme
The Child Sex Offender Disclosure Scheme (CSOD) is designed to provide members of the public with a formal mechanism to ask for disclosure about people they are concerned about, who have unsupervised access to children and may therefore pose a risk. This scheme builds on existing, well established third-party disclosures that operate under the Multi-Agency Public Protection Arrangements (MAPPA).
Police will reveal details confidentially to the person most able to protect the child (usually parents, carers or guardians) if they think it is in the child’s interests.
The scheme has been operating in all 43 police areas in England and Wales since 2010. The scheme is managed by the Police and information can only be accessed through direct application to them.
If a disclosure is made, the information must be kept confidential and only used to keep the child in question safe. Legal action may be taken if confidentiality is breached. A disclosure is delivered in person (as opposed to in writing) with the following warning:
- ‘That the information must only be used for the purpose for which it has been shared i.e. in order to safeguard children;
- The person to whom the disclosure is made will be asked to sign an undertaking that they agree that the information is confidential and they will not disclose this information further;
- A warning should be given that legal proceedings could result if this confidentiality is breached. This should be explained to the person and they must sign the undertaking’ (Home Office, 2011, p16).
If the person is unwilling to sign the undertaking, the police must consider whether the disclosure should still take place.
Age Assessment Information Sharing for Unaccompanied Asylum Seeking Children
The issue of age assessment in social work with asylum seeking young people remains controversial and has been something that Children’s social care have struggled with since the millennium. The ADCS Asylum Task Force has worked with the Home Office to provide two new jointly agreed documents, as detailed below. These documents are offered as practice guidance, by way of assistance to local authorities and their partners. The use of the proforma and consent form is voluntary. The content does not, nor does it seek to, be binding on local authorities. It is simply a recommended approach.