Information Sharing

Working Together to Safeguard Children states for Information Sharing:

Effective sharing of information between practitioners and local organisations and agencies is essential for early identification of need, assessment and service provision to keep children safe. Research and experience have repeatedly shown that keeping children safe from harm requires practitioners to record, analyse and understand the significance of the information they have about:

• A child's health and development and any exposure to possible harm;
• A parent who may need help, or may not be able to care for a child adequately and safely; and
• Those who may pose a risk of harm to a child.

It is vital that information is shared in an appropriate and timely fashion. Often, it is only when information from a number of sources has been shared and is then put together, that it becomes clear that a child has suffered, or is likely to suffer, significant harm. Practitioners should be proactive in sharing information as early as possible to help identify, assess and respond to risks or concerns about the safety and welfare of children. This includes when problems first emerge, or where a child is already known to local authority children's social care (e.g. they are being supported as a child in need or have a child protection plan).

Information sharing should always be necessary, proportionate, relevant, accurate, timely and secure. A record should be kept of what has been shared, with whom and for what purpose and the reasoning behind it.

Practitioners should also be alert to sharing important information about any adults with whom that child has contact, which may impact on the child's safety or welfare.

Information sharing is essential for the identification of patterns of behaviour for example when a child is at risk of going missing or has gone missing, when multiple children appear associated to the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child's care.

It will be for local safeguarding partners to consider how they will build positive relationships with other local areas to ensure that relevant information is shared in a timely and proportionate way.

Those providing services to adults and children, GPs for example, may be concerned about the need to balance their duties to protect children from harm against their general duty of care towards their patient or service user, e.g. a parent.

Some practitioners face the added dimension of being involved in caring for or supporting more than one family member - the abused child, siblings, and an alleged abuser. However, the Children Act 1989 determines that where there are concerns that a child is, or may be, at risk of significant harm, the overriding consideration is the welfare of the child.

Practitioners must have due regard to the relevant data protection principles which allow them to share personal information, as provided for in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). To share information effectively. 

The UK GDPR and Data Protection Act 2018 do not prevent the sharing of information for the purposes of keeping children and young people safe. Fears about sharing information must not be allowed to stand in the way of the need to promote the welfare and protect the safety of children.

It is important however, that practitioners understand the data protection principles which allow them to share personal information. The UK GDPR and Data Protection Act 2018 emphasise the need for organisations to be transparent and accountable in relation to their use of data. All organisations handling personal data must ensure they have comprehensive and proportionate arrangements for collecting, storing, and sharing information. This also includes arrangements on informing service users about the information they will collect and how this may be shared.

To effectively share information:

• All practitioners should be confident of the lawful bases and processing conditions which allow them to store, and share information. This includes information which is considered sensitive, such as health data. This is known under data protection legislation as 'special category of personal data';
• Where practitioners need to share special category data, for example where information obtained is sensitive and needs more protection, they need to identify both a lawful basis for processing under Article 6 of the UK GDPR and a special category condition for processing in compliance with Article 9 (see: Information Commissioner's Office, Lawful basis for processing);
• Schedule 1 of the Data Protection Act 2018 has 'safeguarding of children and individuals at risk' as a processing condition that allows practitioners to share information, including without consent (where, in the circumstances consent cannot be given, it cannot be reasonably expected that a practitioner obtains consent, or if to gain consent would place a child at risk).

Please see National Legislation and Guidance, for further information.

Working Together to Safeguard Children provides the following Myth-busting guide to information sharing.

Sharing information enables practitioners and agencies to identify and provide appropriate services that safeguard and promote the welfare of children. Below are common myths that may hinder effective information sharing.

Data protection legislation is a barrier to sharing information

No – the Data Protection Act 2018 and GDPR do not prohibit the collection and sharing of personal information, but rather provide a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to share information about them.

Consent is always needed to share personal information.

No – you do not necessarily need consent to share personal information. Wherever possible, you should seek consent and be open and honest with the individual from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on. When you gain consent to share information, it must be explicit, and freely given. There may be some circumstances where it is not appropriate to seek consent, because the individual cannot give consent, or it is not reasonable to obtain consent, or because to gain consent would put a child’s or young person’s safety at risk.

Personal information collected by one organisation/agency cannot be disclosed to another.

No – this is not the case unless the information is to be used for a purpose incompatible with the purpose for which it was originally collected. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.

The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information.

No – this is not the case. In addition to the Data Protection Act 2018 and GDPR, practitioners need to balance the common law duty of confidence and the Human Rights Act 1998 against the effect on individuals or others of not sharing the information.

IT Systems are often a barrier to effective information sharing.

No – IT systems, such as the Child Protection Information Sharing project (CP-IS), can be useful for information sharing. IT systems are most valuable when practitioners use the shared data to make more informed decisions about how to support and safeguard a child.

There are seven golden rules for information sharing which should be followed by all organisations working with and providing services for children and their families: (see Information sharing: advice for practitioners providing safeguarding services (July 2018)).

1. Remember that the Data Protection Act and human rights laws are not barriers to justified information sharing but provide a framework to ensure that personal information about living individuals is shared appropriately;
2. Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so;
3. Seek advice from other practitioners if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible;
4. Share with informed consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, there is good reason to do so, such as where safety may be at risk. You will need to base your judgment on the facts of the case. When you are sharing or requesting personal information from someone, be certain of the basis upon which you are doing so. Where you have consent, be mindful that an individual might not expect information to be shared;
5. Consider safety and well-being: Base your information sharing decisions on considerations of the safety and wellbeing of the individual and others who may be affected by their actions;
6. Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely (Practitioners must always follow their organisation's policy on security for handling personal information);
7. Keep a record of your decision and the reasons for it - whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.

Source: Information sharing: advice for practitioners providing safeguarding services (July 2018).

Information on children and families can be held in many different ways, including in case records or electronically on a variety of IT systems which are accessible to different practitioners. Information may be shared face-to-face, over the telephone or via secure email. Whenever information is shared, a record of this should be made in the individual's record and the information should not be kept any longer than is necessary. In some rare circumstances, this may be indefinitely, but if this is the case, there should be a review process scheduled at regular intervals to ensure data is not retained where it is unnecessary to do so.

Each situation should be considered on a case-by-case basis. Professionals should always seek advice from senior colleagues, including the Data Protection Officer and legal services, where clarity is required.

Working Together to Safeguard Children includes a Myth-busting guide to information sharing that states:

You do not need consent to share personal information. It is one way to comply with the data protection legislation, but not the only way. The GDPR provides a number of bases for sharing personal information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child provided that there is a lawful basis to process any personal information required.

The legal bases that may be appropriate for sharing data in these circumstances could be 'legal obligation' or 'public task' which includes performance of a task in the public interest or the exercise of official authority. Each of the legal bases under GDPR has different requirements.

It continues to be good practice to be transparent and to inform parents/carers that you are sharing information for these purposes and seek to work co-operatively with them. Practitioners should therefore usually inform parents/carers (and the child depending on their age and level of understandings) that they are going to make a referral.

However, referrals can be made without first informing parents/carers where to do so would place a child at risk.

Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers supports frontline practitioners working in child services who have to make decisions about sharing personal information on a case-by-case basis. The guidance can be used to supplement local guidance and encourage good practice in information sharing'.

Sharing information is essential to enable early intervention to help children, young people and families who need additional services to achieve positive outcomes, thus reducing inequalities between disadvantaged children and others. These services could include additional help with learning, specialist health services, help and support to move away from criminal or anti-social behaviour, or support for parents in developing parenting skills.

Information sharing is also vital to safeguarding and promoting the welfare of children and young people. A key factor in many serious case reviews has been a failure to record information, to share it, to understand the significance of the information shared, and to take appropriate action in relation to known or suspected abuse or neglect.

We know that practitioners recognise the importance of information sharing and that there is much good practice. But practitioners also tell us that in some situations they feel constrained from sharing information by their uncertainty about when they can do so lawfully. This guidance aims to provide clarity on that issue.

It is important that practitioners:

• Are supported by their employers in working through these issues;
• Understand what information is and is not confidential, and the need in some circumstances to make a judgment about whether confidential information can be shared, in the public interest, without consent;
• Understand and apply good practice in sharing information at an early stage as part of preventative work;
• Are clear that information can normally be shared where you judge that a child or young person is at risk of suffering significant harm or that an adult is at risk of serious harm.

All agencies should have:

• Arrangements in place that set out clearly the processes and the principles for sharing information. The arrangement should cover how information will be shared within their own organisation/agency; and with others who may be involved in a child’s life;
• All practitioners should not assume that someone else will pass on information that they think may be critical to keeping a child safe;
• If a practitioner has concerns about a child’s welfare and considers that they may be a child in need or that the child has suffered or is likely to suffer significant harm, then they should share the information with local authority children’s social care and/or the police;
• All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost;
• All practitioners should aim to gain consent to share information but should be mindful of situations where to do so would place a child at increased risk of harm. Information may be shared without consent if a practitioner has reason to believe that there is good reason to do so, and that the sharing of information will enhance the safeguarding of a child in a timely manner. When decisions are made to share or withhold information, practitioners should record who has been given the information and why;
• A systematic approach within their agency to explaining to children, young people and families when they first access the service how and why information may be shared, which will build the confidence of all involved;
• Clear systems, standards and protocols for sharing information. These may derive from their agency's policies, any local protocols in place, or from their professional code of conduct;
• Access to training where they can discuss issues which concern them and explore case examples with other practitioners;
• A source of advice and support on information sharing issues;
• The statutory guidance on section 11 of the Children Act 2004 states that in order to safeguard and promote children's welfare, the agencies covered by section 11 should make arrangements to fulfil these duties.

In deciding whether there is a need to share information you need to consider your legal obligations including:

1. Whether the information is confidential; and
2. If it is confidential, whether there is a public interest sufficient to justify sharing.

Not all information is confidential. Confidential information is information of some sensitivity, which is not already lawfully in the public domain or readily available from another public source, and which has been shared in a relationship where the person giving the information understood that it would not be shared with others. For example, a teacher may know that one of her pupils has a parent who misuses drugs. That is information of some sensitivity but may not be confidential if it is widely known or it has been shared with the teacher in circumstances where the person understood it would be shared with others. If however, it is shared with the teacher by the pupil in a counselling session, for example, it would be confidential.

Confidence is only breached where the sharing of confidential information is not authorised by the person who provided it or to whom it relates. If the information was provided on the understanding that it would be shared with a limited range of people or for limited purposes, then sharing in accordance with that understanding will not be a breach of confidence. Similarly, there will not be a breach of confidence where there is explicit consent to the sharing.

Even where sharing of confidential information is not authorised, you may lawfully share it if this can be justified in the public interest. Seeking consent should be the first option, if appropriate. Where consent cannot be obtained to the sharing of the information or is refused, or where seeking it is likely to undermine the prevention, detection or prosecution of a crime, the question of whether there is a sufficient public interest must be judged by the practitioner on the facts of each case. Therefore, where you have a concern about a child or young person, you should not regard refusal of consent as necessarily precluding the sharing of confidential information.

A public interest can arise in a wide range of circumstances, for example, to protect children or other people from harm, to promote the welfare of children or to prevent crime and disorder. There are also public interests, which in some circumstances may weigh against sharing, including the public interest in maintaining public confidence in the confidentiality of certain services. The key factor in deciding whether or not to share confidential information is proportionality, i.e. whether the proposed sharing is a proportionate response to the need to protect the public interest in question. In making the decision you must weigh up what might happen if the information is shared against what might happen if it is not, and make a decision based on a reasonable judgment.

It is not possible to give guidance to cover every circumstance in which sharing of confidential information without consent will be justified. Practitioners must make a judgment on the facts of the individual case. Where there is a clear risk of significant harm to a child, or serious harm to adults, the public interest test will almost certainly be satisfied. However there will be other cases where practitioners will be justified in sharing some confidential information in order to make decisions on sharing further information or taking action - the information shared should be proportionate.

It is possible however to identify some circumstances in which sharing confidential information without consent will normally be justified in the public interest. These are:

• When there is evidence that the child is suffering or is at risk of suffering significant harm; or
• Where there is reasonable cause to believe that a child may be suffering or at risk of significant harm; or
• To prevent significant harm arising to children and young people or serious harm to adults, including through the prevention, detection and prosecution of serious crime.

For the purposes of this guidance, serious crime means any crime which causes or is likely to cause significant harm to a child or young person or serious harm to an adult.

There is an increasing emphasis on integrated working across children's services so that support for children, young people and families is provided in response to their needs. The aim is to deliver more effective intervention at an earlier stage to prevent problems escalating and to increase the chances of a child or young person achieving positive outcomes. In some areas there is increased use of multi-agency services, for example in children's centres to support child health.

Whether the integrated working is across existing services or through specific multi-agency structures, success depends upon effective partnership working between universal services (such as education and primary health care) and targeted and specialist services for those children, young people and families at risk of poor outcomes. Preventative services working in this way will be more effective in identifying concerns about suffering significant harm, for example as a result of abuse or neglect. However, in most situations children, young people and family members will require additional services in relation to education, health, behaviour, parenting, or family support, rather than intervention to protect the child or young person from harm or to prevent or detect serious crime.

Effective preventative services of this type will usually require active processes for identifying children and young people at risk of poor outcomes, and passing information to those delivering targeted support. Practitioners sometimes express concern about how this can be done lawfully.

Seeking consent should be the first option. Practitioners in universal, targeted and specialist services, including multi-agency services, should proactively inform children, young people and families, when they first engage with the service, about their service's policy on how information will be shared, and seek their consent. The approach to sharing information should be explained openly and honestly. Where this is done, young people and families will be aware how their information may be shared, and experience shows that most will give consent.

Information which is not confidential may generally be shared where that is necessary for the legitimate purposes of preventative work. Where information is confidential, however, and consent is refused, that should be respected, unless in the practitioner's professional judgment on the facts of the case, the public interest justifies the sharing of information.

It is critical that all practitioners working with children and young people are in no doubt that where they have reasonable cause to suspect that a child or young person may be suffering or may be at risk of suffering significant harm, they should always consider referring their concerns to children's social care. While, in general, you should seek to discuss any concerns with the family and, where possible, seek their agreement to making referrals to children's social care, this should only be done where such discussion and agreement-seeking will not place a child at increased risk of suffering significant harm or lead to interference with any potential investigation. The child's interests must be the overriding consideration in making any such decisions.

In some situations there may be a concern that a child or young person may be suffering or at risk of significant harm or of causing serious harm to others, but you may be unsure whether what has given rise to your concern constitutes 'a reasonable cause to believe'. In these situations, the concern must not be ignored. You should always talk to someone to help you decide what to do - a lead person on child protection, a Caldicott guardian, or a discussion with a trusted colleague or another practitioner who knows the child. The decision, to share information or not, should be recorded.

Agencies requesting information from others should clarify the purpose of seeking the information, and what is the legal basis of the requests. For example, social workers seeking information should clarify whether they are acting under Section 17 or Section 47 of the Children Act 1989, or under some other statutory duty.

When considering sharing information, professionals will need to consider the issues addressed above concerning:

• The power to disclose;
• The duty to disclose;
• Issues of consent.

The interests of accuracy and of recording the reasons for sharing information will normally be best served by putting the information in writing. It will also be helpful to indicate whether the party sharing the information feels it should not be disclosed to the service user, or parent, as most records are now accessible to service users unless exempted for a specific reason, such as the likelihood of causing serious harm. In urgent situations, information will need to be shared verbally, but should then if possible be followed up and confirmed in writing.

Agencies should have clear and public policies covering the storage and retention of information, and access by service users and others acting on their behalf to such records. Particular attention must be paid to the security of information which has been obtained from other agencies or professionals.

Every NEL SCP should play a strong role in supporting information sharing between and within organisations and addressing any barriers to information sharing. This should include ensuring that a culture of information sharing is developed and supported as necessary by multi-agency training. 

The core legislation underpinning the work of the NEL SCP is the Children Act 2004, which provides a comprehensive framework for the care and protection of children. Detailed statutory guidance is also contained in Working Together to Safeguard Children 2015.

Under section 14B of the Children Act 2004, the NEL SCPB can require a person or body to comply with a request for information. This can only take place where the information requested is for the purpose of enabling or assisting the NEL SCP to perform its functions. This includes information required in respect of the Serious Case Review, Child Death Review and the Allegations Management Any request for information about individuals must be necessary and proportionate to the reasons for the request. The NEL SCP should be mindful of the burden of requests and should explain why the information is needed. 

Information requested by the NEL SCP from schools as part of the allegations management process

NEL SCP will make requests for information from the School Children Protection Officer (SCPO). The request will be made by secure e-mail to the SCPO, where this facility is not available the request will be sent in an encrypted or password protected document. Passwords will be provided to SCPO under separate arrangements.

When making a request for information about individuals, the Safeguarding unit will only ask for the information that is 'necessary' and 'proportionate' to the purposes of the NEL SCP as allowed by section 14B of the Children Act 2004.

Answering requests for information made on behalf of the NEL SCPP

School Children Protection Officer (SCPO) should answer the requests by secure e-mail / MoveIT, where this facility is not available the response should be sent in an encrypted or password protected document. Passwords must be provided to the Safeguarding unit under separate arrangements.

Secure transfer of NEL SCP information. NEL SCP information will be transferred to School Children Protection Officer either at NEL SCP meetings or by secure e-mail, where this facility is not available the response should be sent in an encrypted or password protected document, with passwords provided to under separate arrangements.

Security and protection of NEL SCPP information

Schools must ensure that all NEL SCP case records are kept secure and protected at all times to prevent unauthorised access or loss. Clear screen and desk policies should be in place. Information should be stored in folders restricted to authorised users, or in locked storage areas or cabinets. Encrypted USBs can be used for the purpose of secure transportation, but not long-term storage. Documents taken out of the secure environment must be placed in closable folders, and remain with the designated officer at all times, they must never be left unattended.

Retention and disposal of NEL SCP case records: The primary records for the NEL SCP will be held by North East Lincolnshire Council’s Safeguarding unit. The records held by schools will be secondary records and should be retain for as long as is necessary to meet their business requirements. In most cases this should be no longer than the school year following the 25th birthday of the pupil. All NEL SCPB case records held by schools must be disposed of by controlled secure methods, it is recommended that this is either by cross cut shredding or incineration.

Corporate Parenting - Looked After Children

Where North East Lincolnshire Council is the ‘corporate parent’ for the looked after children in its care, they will receive the same information in relation to the child’s education from the school as would any other parent or guardian with parental responsibility for a child. North East Lincolnshire Council will not seek from the school any information it is not entitled to.

The Data Protection Act 2018 / General Data Protection Regulation (GDPR):

The Data Protection Principles requires that personal data shall be:

1. Processed lawfully, fairly and in a transparent manner in relation to individuals ('lawfulness, fairness and transparency');
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes ('purpose limitation');
3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy');
5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals ('storage limitation');
6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').

The Data Protection Act and GDPR also provides individuals with the following rights in relation to their personal data:

1. The right to be informed;
2. The right of access;
3. The right to rectification;
4. The right to erasure;
5. The right to restrict processing;
6. The right to data portability;
7. The right to object;
8. Rights in relation to automated decision making and profiling.

Working Together to Safeguard Children

Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers

The Information Commissioner's Office (ICO) website

Practice Guidance on Sharing Adult Safeguarding Information

Serious Violence Duty - Preventing and Reducing Serious Violence: Statutory Guidance for Responsible Authorities

Report a concern about a child process (SaferNEL)

Further information about data protection and information sharing can be obtained from the Council data protection officer, transparency@nelincs.gov.uk.