SCOPE OF THIS CHAPTER
For additional guidance see the documents contained in the HM Government Information Sharing Guidance issued in October 2008 which can be found on the Department for Education website/HM And, government information sharing guidance and 2013 Protocol and Good Practice Model. Disclosure of information in cases of alleged child abuse and linked criminal and care directions hearings
Child Protection - Information Sharing Project: The Child Protection - Information Sharing project (CP-IS) helps health and social care staff to share information securely to better protect society's most vulnerable children.
In January 2019, this chapter was updated in accordance with the revision of the Data Protection Act and GDPR. A link was added to the GOV.UK - Child sex offender disclosure scheme guidance.
- The Concept of Information Sharing
- Key Points for Workers when Sharing Information
- National Guidance on Sharing Information
- Child Sex Offender Disclosure Scheme
- Age Assessment Information Sharing for Unaccompanied Asylum Seeking Children
Effective information-sharing underpins integrated working and is a vital element of both early intervention and safeguarding. Research and experience have shown repeatedly that keeping children safe from harm requires professionals and others to share information:
- About a child's health and development, and exposure to possible harm;
- About a parent who may need help, or may not be able to care for a child adequately and safely; and
- About those who may pose a risk of harm to a child.
Often, it is only when information from a number of sources has been shared and is then put together, that it becomes clear a child is suffering, or at risk of suffering, Significant Harm. However, when professionals share information at an early stage, this should reduce the likelihood of a child suffering significant harm.
Those providing services to adults and children, for example GP's, will be concerned about the need to balance their duties to protect children from harm and their general duty of care towards their patient or service user, e.g. a parent. Some professionals and staff face the added dimension of being involved in caring for or supporting more than one family member - the abused child, siblings, and an alleged abuser. In English Law, where there are concerns that a child is, or may be, at risk of significant harm, the overriding consideration is to safeguard the child.
When staff are assessing the level of response to a concern they should refer to the threshold documents for each local authority (Family Support Strategy/Pathway to Provision links).
In Nottingham City, this is the Family Support Strategy and Pathway, which can be accessed here: Family Support Pathway
In Nottinghamshire, this is the Pathway to Provision, which can be accessed here: Pathway to Provision
2. The Concept of Information Sharing
Working Together to Safeguard Children states that:
Effective sharing of information between practitioners (see Information Sharing: Advice for Safeguarding Practitioners) and local organisations and agencies is essential for early identification of need, assessment and service provision to keep children safe. Serious case reviews (SCRs) have highlighted that missed opportunities to record, understand the significance of and share information in a timely manner can have severe consequences for the safety and welfare of children.
3. Key Points for Workers when Sharing Information
The general principle is that information will only be shared with the consent of the subject of the information.
Sharing confidential information without consent will normally be justified in the public interest in the circumstances shown in Section 4, National Guidance on Sharing Information.
There are seven golden rules for information sharing: (see Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers).
Each situation should be considered on a case-by-case basis. Professionals should always seek advice from senior colleagues, including those in legal services, where clarity is required; in the first instance practitioners should contact their manager.
4. National Guidance on Sharing Information
Sharing information is an intrinsic part of any frontline practitioners' job when working with children and young people. The decisions about how much information to share, with whom and when, can have a profound impact on individuals' lives. Information sharing helps to ensure that an individual receives the right services at the right time and prevents a need from becoming more acute and difficult to meet.
Poor or non-existent information sharing is a factor repeatedly identified as an issue in Serious Case Reviews (SCRs) carried out following the death of or serious injury to, a child. In some situations, sharing information can be the difference between life and death.
Fears about sharing information cannot be allowed to stand in the way of the need to safeguard and promote the welfare of children at risk of abuse or neglect. Every practitioner must take responsibility for sharing the information they hold, and cannot assume that someone else will pass on information, which may be critical to keeping a child safe.
Sharing of information between practitioners and organisations is essential for effective identification, assessment, risk management and service provision. Fears about sharing information cannot be allowed to stand in the way of the need to safeguard and promote the welfare of children and young people at risk of abuse or neglect. Below are common myths that can act as a barrier to sharing information effectively:
The GDPR and Data Protection Act 2018 are barriers to sharing information
No – the GDPR and Data Protection Act 2018 do not prohibit the collection and sharing of personal information. They provide a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to share information about them. Never assume sharing is prohibited – it is essential to consider this balance in every case. You should always keep a record of what you have shared.
Consent is always needed to share personal information
No – you do not necessarily need the consent of the information subject to share their personal information.
Wherever possible, you should seek consent and be open and honest with the individual from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on. When you gain consent to share information, it must be explicit, and freely given.
There may be some circumstances where it is not appropriate to seek consent, either because the individual cannot give consent, it is not reasonable to obtain consent, or because to gain consent would put a child or young person's safety or well-being at risk.
Where a decision to share information without consent is made, a record of what has been shared should be kept.
Personal information collected by one organisation cannot be disclosed to another organisation
No - this is not the case, unless the information is to be used for a purpose incompatible with the purpose it was originally collected for. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.
Practitioners looking to share information should consider which processing condition in the Data Protection Act 2018 is most appropriate for use in the particular circumstances of the case. This may be the safeguarding processing condition or another relevant provision.
The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information
No - this is not the case. In addition to the GDPR and Data Protection Act 2018, practitioners need to balance the common law duty of confidence, and the rights within the Human Rights Act 1998, against the effect on children or individuals at risk, if they do not share the information.
If information collection and sharing is to take place with the consent of the individuals involved, providing they are clearly informed about the purpose of the sharing, there should be no breach of confidentiality or breach of the Human Rights Act 1998. If the information is confidential, and the consent of the information subject is not gained, then practitioners need to decide whether there are grounds to share the information without consent. This can be because it is overwhelmingly in the information subject's interests for this information to be disclosed. It is also possible that a public interest would justify disclosure of the information (or that sharing is required by a court order, other legal obligation or statutory exemption).
In the context of safeguarding a child or young person, where the child's welfare is paramount, it is possible that the common law duty of confidence can be over overcome. Practitioners must consider this on a case-by-case basis. As is the case for all information processing, initial thought needs to be given as to whether the objective can be achieved by limiting the amount of information shared – does all of the personal information need to be shared to achieve the objective?
IT Systems are often a barrier to effective information sharing
No – IT systems, such as the Child Protection Information Sharing project (CP-IS), can be useful in supporting information sharing. IT systems are most valuable when practitioners use the data that has been shared to make more informed decisions about how to support and safeguard a child. Evidence from the Munro Review is clear that IT systems will not be fully effective unless individuals from organisations co-operate around meeting the needs of the individual child. Professional judgment is the most essential aspect of multi-agency work, which could be put at risk if organisations rely too heavily on IT systems. (Information sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers p15)
Working Together to Safeguard Children states that:
Practitioners must have due regard to the relevant data protection principles which allow them to share personal information, as provided for in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). To share information effectively:
- All practitioners should be confident of the processing conditions under the Data Protection Act 2018 and the GDPR which allow them to store and share information for safeguarding purposes, including information which is sensitive and personal, and should be treated as 'special category personal data';
- •Where practitioners need to share special category personal data, they should be aware that the Data Protection Act 2018 contains 'safeguarding of children and individuals at risk' as a processing condition that allows practitioners to share information. This includes allowing practitioners to share information without consent, if it is not possible to gain consent, it cannot be reasonably expected that a practitioner gains consent, or if to gain consent would place a child at risk;
- '… all organisations and agencies should have arrangements in place that set out clearly the processes and the principles for sharing information. The arrangement should cover how information will be shared within their own organisation/agency; and with others who may be involved in a child's life;
- ... all practitioners should not assume that someone else will pass on information that they think may be critical to keeping a child safe. If a practitioner has concerns about a child's welfare and considers that they may be a child in need or that the child has suffered or is likely to suffer significant harm, then they should share the information with local authority children's social care and/or the police. All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost;
- ... all practitioners should aim to gain consent to share information, but should be mindful of situations where to do so would place a child at increased risk of harm. Information may be shared without consent if a practitioner has reason to believe that there is good reason to do so, and that the sharing of information will enhance the safeguarding of a child in a timely manner. When decisions are made to share or withhold information, practitioners should record who has been given the information and why.
Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers supports frontline practitioners working in child or adult service who have to make decisions about sharing personal information on a case- by-case basis. The guidance can be used to supplement local guidance and encourage good practice in information sharing'.
Nottinghamshire Information Sharing Protocol
This Protocol sets out the principles and commitments that will underpin the secure and confidential sharing of information between organisations involved in delivering health and social care services in Nottinghamshire, in accordance with national and local policy and legislative requirements. The Protocol is also intended to inform members of the community why information about them may need to be shared and how this sharing will be managed.
The aims and objectives of this protocol are:
- To provide early notification to the Local Authority and to the Family Court that a criminal investigation has been commenced;
- To provide timely early notification to the Local Authority and to the Family Court of the details and timescale of criminal prosecution;
- To facilitate timely and consistent disclosure of information and documents from the police, and the CPS, into the Family Justice System;
- To provide notification to the police and the CPS of an application to the Family Court for an order for the disclosure of prosecution material into the Family Justice System;
- Subject to the Family Procedure Rules 2010 (and relevant Practice Directions3) the Criminal Procedure Rules 2013 and the common law duty of confidentiality, to facilitate timely and consistent disclosure of information and documents from the Family Justice System to the police and/or the CPS;
- To provide a timely expeditious process for the Local Authority to respond to a request from the police for material held by the Local Authority which would assist a criminal investigation;
- To provide for timely consultation between the CPS and the Local Authority where Local Authority material satisfies the test in Criminal Procedure and Investigations Act 1996 for disclosure to the defence;
- To provide a streamlined and standard process for applications by the police and/or the CPS for the permission of the Family Court for disclosure of material relating to Family Court Proceedings;
- To specify a procedure for linked directions hearings in concurrent criminal and care proceedings.
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 are based on existing best practice associated with the Data Protection Act 1998. They ensure personal information is obtained and processed fairly and lawfully; only disclosed in appropriate circumstances; is accurate, relevant and not held longer than necessary; and is kept securely.
They balance the rights of the information subject (the individual whom the information is about) with the need to share information about them.
The GDPR and the Data Protection Act 2018 introduce new elements and provide an opportunity for organisations to review their current data protection and privacy practices. The Data Protection Act 2018 sets out the lawful grounds for processing of special category personal data – including without consent if the circumstances justify it – where it is in the substantial public interest to safeguard children and individuals at risk.
Further details are set out in SCHEDULE 8 Section 35(5) of the Data Protection Act 2018 which states:
- 4 (1) This condition is met if—
- The processing is necessary for the purposes of:
- Protecting an individual from neglect or physical, mental or emotional harm; or
- Protecting the physical, mental or emotional well-being of an individual.
- The individual is:
- Aged under 18; or
- Aged 18 or over and at risk.
- The processing is necessary for the purposes of:
Where there is a clear risk of significant harm to a child, or serious harm to adults the decision to share information is clear, as actions must be taken to respond to the disclosure. In other cases, for example, neglect, the indicators may be more subtle and appear over time. In these cases, decisions about what information to share, and when, may be more difficult to judge. Decisions in this area need to be made by, or with the advice of, people with suitable competence in Child Protection work such as named or designated practitioners or senior managers. The information shared should be proportionate.
Caldicott Guardian Principles
A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information-sharing.
These are applicable to local authority children's services and Health Trusts. and provide a framework for working within the Data Protection Act 1998 and promote appropriate information sharing.
Every local Health Service and Children and Young People's Directorate has its own Caldicott Guardian, to provide advice and guidance on appropriate information sharing.
Staff in NHS organisations and the Local Authority should familiarise themselves with the contact point for the Caldicott guardian within their organisation who can offer advice in complex cases.
Section 115 of the Crime and Disorder Act 1998 establishes:
The power to disclose information is central to the Act's partnership approach. The Police have an important general power under common law to disclose information for the prevention, detection and reduction of crime. However, some other public bodies that collect information may not previously have had power to disclose it to the Police and others. This section puts beyond doubt the power of any organisation to disclose information to Police authorities, local authorities, Probation Service, Health Authorities, or to persons acting on their behalf, so long as such disclosure is necessary or expedient for the purposes of crime prevention. These bodies also have the power to use this information.
Article 8 in the European Convention on Human Rights states that:
Everyone has the right to respect for his/her private and family life, home and correspondence;
There shall be no interference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of rights and freedoms of others.
For further information please see the Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers.
5. Child Sex Offender Disclosure Scheme
The Child Sex Offender Review (CSOR) Disclosure Scheme (see the GOV.UK website) is designed to provide members of the public with a formal mechanism to ask for disclosure about people they are concerned about, who have unsupervised access to children and may therefore pose a risk. This scheme builds on existing, well established third-party disclosures that operate under the Multi-Agency Public Protection Arrangements (MAPPA).
Police will reveal details confidentially to the person most able to protect the child (usually parents, carers or guardians) if they think it is in the child's interests.
The scheme is managed by the Police and information can only be accessed through direct application to them.
If a disclosure is made, the information must be kept confidential and only used to keep the child in question safe. Legal action may be taken if confidentiality is breached. A disclosure is delivered in person (as opposed to in writing) with the following warning:
- 'That the information must only be used for the purpose for which it has been shared i.e. in order to safeguard children;
- The person to whom the disclosure is made will be asked to sign an undertaking that they agree that the information is confidential and they will not disclose this information further;
- A warning should be given that legal proceedings could result if this confidentiality is breached. This should be explained to the person and they must sign the undertaking' - see GOV.UK - Child sex offender disclosure scheme guidance.
If the person is unwilling to sign the undertaking, the police must consider whether the disclosure should still take place.
6. Age Assessment Information Sharing for Unaccompanied Asylum Seeking Children
To assist in the age assessment in social work with asylum seeking young people the ADCS (Association of Directors of Children's Services) Asylum Task Force and the Home Office to provide further guidance, as detailed below. Age Assessment Information Sharing for Unaccompanied Asylum Seeking children: Explanation and Guidance;