This chapter was substantially updated in December 2019 and should be re-read.
- The Data Protection Act 2018 and the General Data Protection Regulations (GDPR), and Relevant Legislation and Disclosure
- The Seven Golden Rules for Information Sharing
- Further Information
Effective information-sharing underpins integrated working and is a vital element of both early intervention and safeguarding. The overriding consideration is to safeguard the child (The Children Act 1989).
Practitioners should be proactive in sharing information as early as possible to help identify, assess and respond to risks or concerns about the safety and welfare of children.
Practitioners should also be alert to sharing important information about any adults with whom that child has contact, which may impact on the child's safety or welfare.
2. The Data Protection Act 2018 and the General Data Protection Regulations (GDPR), and Relevant Legislation and Disclosure
Practitioners must have due regard to the relevant data legislation when sharing personal information.
The Data Protection Act 2018 and GDPR place greater significance on the need for organisations to be transparent and accountable in their use of data. All organisations handling personal data must ensure they have proportionate arrangements for collecting, processing, storing, and sharing information. This includes transparency about the information they will collect and how this may be used.The legislation does not prevent or limit the sharing of information for the purposes of keeping people safe. To effectively share information:
- All practitioners should be confident of the processing conditions which allow them to store, and share, the information that they need to carry out their safeguarding role. Information which is relevant to safeguarding will often be data which is considered 'special category personal data' meaning it is sensitive and personal;
- Where practitioners need to share special category personal data, they should be aware that the Data Protection Act 2018 includes 'safeguarding of children and individuals at risk' as one of conditions that allows practitioners to share information with others without consent:
- Information can be shared legally without consent, if a practitioner is unable to/cannot be reasonably expected to gain consent from the individual, or if to gain consent could place a child at risk;
- Relevant personal information can also be shared lawfully if it is to keep a child or individual at risk safe from neglect or physical, emotional or mental harm, or if it is protecting their physical, mental, or emotional well-being.
Caldicott Guardian Principles
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing.
The Seven Caldicott Principles
- Justify the purpose(s) for using confidential information;
- Don't use personal confidential data unless it is absolutely necessary;
- Use the minimum necessary personal confidential data;
- Access to personal confidential data should be on a strict need-to-know basis;
- Everyone with access to personal confidential data should be aware of their responsibilities;
- Comply with the law;
The duty to share information can be as important as the duty to protect patient confidentiality.
The Guardian plays a key role in ensuring that the NHS, Local Authority Social Services Departments and partner organisations satisfy the highest practicable standards for handling patient/client identifiable information.
Article 8 in the European Convention on Human Rights states that:
Everyone has the right to respect for their private and family life, home and correspondence:
There shall be no interference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of rights and freedoms of others.
The Domestic Violence Disclosure Scheme
The Domestic Violence Disclosure Scheme (DVDS) gives members of the public a formal mechanism to make enquires about an individual who they are in a relationship with, or who is in a relationship with someone they know, where there is a concern that the individual may be violent towards their partner. This scheme adds a further dimension to the information sharing about children where there are concerns that domestic violence and abuse is impacting on the care and welfare of children within the family.
Members of the public can make an application for a disclosure, known as the 'right to ask'. Anybody can make an enquiry, but information will only be given to someone at risk or a person in a position to safeguard the victim. The scheme is for anyone in an intimate relationship regardless of gender.
Partner agencies can also request disclosure is made of an offender's past history where it is believed someone is at risk of harm. This is known as 'right to know'.
If a potentially violent individual is identified as having convictions for violent offences, or information is held about their behaviour which reasonably leads the police and other agencies to believe they pose a risk of harm to their partner, a disclosure will be made.
Child Sex Offender Disclosure Scheme
The Child Sex Offender Review (CSOR) Disclosure Scheme is designed to provide members of the public with a formal mechanism to ask for disclosure about people they are concerned about, who have unsupervised access to children and may therefore pose a risk. This scheme builds on existing, well established third-party disclosures that operate under the Multi-Agency Public Protection Arrangements (MAPPA).
Police will reveal details confidentially to the person most able to protect the child (usually parents, carers or guardians) if they think it is in the child's interests.
The scheme is managed by the Police and information can only be accessed through direct application to them.
If a disclosure is made, the information must be kept confidential and only used to keep the child in question safe. Legal action may be taken if confidentiality is breached. A disclosure is delivered in person (as opposed to in writing) with the following warning:
- That the information must only be used for the purpose for which it has been shared i.e. in order to safeguard children;
- The person to whom the disclosure is made will be asked to sign an undertaking that they agree that the information is confidential and they will not disclose this information further;
- A warning should be given that legal proceedings could result if this confidentiality is breached. This should be explained to the person and they must sign the undertaking. See GOV.UK - Child sex offender disclosure scheme guidance.
3. The Seven Golden Rules for Information Sharing
- Remember that the General Data Protection Regulations, Data Protection Act 2018 and human rights laws are not barriers to justified information sharing but provide a framework to ensure that personal information about living individuals is shared appropriately;
- Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so;
- Seek advice from other practitioners or your information governance lead if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible;
- Where possible share with consent and, where possible, respect the wishes of those who do not consent to having their information shared. Under the GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful reason to do so, such as where safety may be at risk. You will need to base your judgment on the facts of the case. When you are sharing or requesting personal information from someone, be clear of the basis upon which you are doing so. Where you do not have consent, be mindful that an individual might not expect information to be shared;
- Consider safety and well-being: Base your information sharing decisions on considerations of the safety and wellbeing of the individual and others who may be affected by their actions;
- Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely (Practitioners must always follow their organisation's policy on security for handling personal information);
- Keep a record of your decision and the reasons for it - whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.
For further information you should consult:
- Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers which supports frontline practitioners working in child or adult services who have to make decisions about sharing personal information on a case-by-case basis;
- Working Together to Safeguard Children, the national guidance document for safeguarding practitioners, which includes information sharing;
- The Information Commissioner’s Office which is the national regulator for data and information sharing.
See also: The Care Act: Safeguarding Adults (SCIE).