Skip to content
Company Logo

Information Sharing

Related guidance

Amendment

This chapter was updated in August 2024.

August 5, 2024

This guidance should be read in conjunction with the Council’s Data Protection Policy and guidance and the Department for Education Information Sharing (advice for practitioners providing safeguarding services for children, young people, parents and carers, which was published  in May 2024. Please follow the link DfE non statutory information sharing advice for practitioners providing safeguarding services for children, young people, parents and carers.

When thinking about information sharing it is important to remember that data protection legislation is NOT a barrier to sharing information. Also there are a number of lawful bases for sharing information and consent is not always necessary or the best basis for the sharing of information.

Working Together to Safeguard Children states for Information Sharing:

No single practitioner can have a full picture of a child’s needs and circumstances so effective sharing of information between practitioners, local organisations and agencies is essential for early identification of need, assessment, and service provision to keep children safe. Rapid reviews and child safeguarding practice reviews have highlighted that missed opportunities to record, understand the significance of, and share information in a timely manner can have severe consequences for children.

Practitioners should be proactive in sharing information as early as possible to help identify, assess, and respond to risks or concerns about the safety and welfare of children. This may be when problems are first emerging (for example, persistent school absences) or where a child is already known to local authority children’s social care. Sharing information about any adults with whom that child has contact, which may impact the child’s safety or welfare, is also critical.

Information sharing is also essential for the identification of patterns of behaviour when a child is at risk of going missing or has gone missing, including being missing from education. When multiple children appear associated to the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child’s care, it will be for local safeguarding partners to consider how they build relationships and share relevant information in a timely and proportionate way with each other, other local organisations, and other safeguarding partnerships.

Each centre holding those aged under 18 should have in place an annually reviewed safeguarding children policy. The policy is designed to promote and safeguard the welfare of children and should cover all relevant operational areas as well as key supporting processes, which would include issues such as child protection, risk of harm, restraint, separation, staff recruitment and information sharing. A manager should be appointed and will be responsible for implementation of this policy.

It is vital that information is shared in an appropriate and timely fashion. Often, it is only when information from a number of sources has been shared and is then put together, that it becomes clear that a child has suffered, or is likely to suffer, significant harm. Practitioners should be proactive in sharing information as early as possible to help identify, assess and respond to risks or concerns about the safety and welfare of children. This includes when problems first emerge, or where a child is already known to local authority children's social care (e.g. they are being supported as a child in need or have a child protection plan).

Information sharing should always be necessary, proportionate, relevant, accurate, timely and secure. A record should be kept of what has been shared, with whom and for what purpose and the reasoning behind it.

Practitioners should also be alert to sharing important information about any adults with whom that child has contact, which may impact on the child's safety or welfare.

Information sharing is essential for the identification of patterns of behaviour for example when a child is at risk of going missing or has gone missing, when multiple children appear associated to the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child's care.

It will be for local safeguarding partners to consider how they will build positive relationships with other local areas to ensure that relevant information is shared in a timely and proportionate way.

Those providing services to adults and children, GPs for example, may be concerned about the need to balance their duties to protect children from harm against their general duty of care towards their patient or service user, e.g. a parent.

Some practitioners face the added dimension of being involved in caring for or supporting more than one family member - the abused child, siblings, and an alleged abuser. However, the Children Act 1989 determines that where there are concerns that a child is, or may be, at risk of significant harm, the overriding consideration is the welfare of the child.

Practitioners must have due regard to the relevant data protection principles which allow them to share personal information, as provided for in the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). To share information effectively. 

The UK GDPR and Data Protection Act 2018 do not prevent the sharing of information for the purposes of keeping children and young people safe. Fears about sharing information must not be allowed to stand in the way of the need to promote the welfare and protect the safety of children.

It is important however, that practitioners understand the data protection principles which allow them to share personal information. The UK GDPR and Data Protection Act 2018 emphasise the need for organisations to be transparent and accountable in relation to their use of data. All organisations handling personal data must ensure they have comprehensive and proportionate arrangements for collecting, storing, and sharing information. This also includes arrangements on informing service users about the information they will collect and how this may be shared.

To effectively share information:

  • All organisations and agencies should have arrangements in place that set out clearly the processes and the principles for sharing information. The arrangements should cover how information will be shared with their own organisation/agency and with others who may be involved in a child’s life;
  • All practitioners should be confident of the lawful bases and processing conditions which allow them to store, and share information. This includes information which is considered sensitive, such as health data. This is known under data protection legislation as 'special category of personal data';
  • Practitioners should not assume that someone else will pass on information that they think may be critical to keep a child safe. If a practitioner has concerns about a child’s welfare or safety, then they should share the information with local authority children’s social care and/or the police. All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost;
  • Practitioners should aim to be as transparent as possible by telling families what information they are sharing and with whom, provided that it is safe to do so;
  • Where practitioners need to share special category data, for example where information obtained is sensitive and needs more protection, they need to identify both a lawful basis for processing under Article 6 of the UK GDPR and a special category condition for processing in compliance with Article 9 (see: Information Commissioner's Office, Lawful basis for processing);
  • Schedule 1 of the Data Protection Act 2018 has 'safeguarding of children and individuals at risk' as a processing condition that allows practitioners to share information, including without consent (where, in the circumstances consent cannot be given, it cannot be reasonably expected that a practitioner obtains consent, or if to gain consent would place a child at risk).

Please see National Legislation and Guidance, for further information.

Personal Data - Under the UK GDPR, personal data covers information which could be used to identify a person (also sometimes called the 'data subject'). This includes for example, a person's name, address, or an identification/file number.

Special category data - Under the UK GDPR, special category data relates to information about individuals which is particularly sensitive and so needs greater protection before it is shared. This includes for example, information about a person's race and ethnic origin, their health and sexual orientation.

Lawful Bases for Sharing Information (UK GDPR Article 6) - The UK GDPR provides practitioners with a number of lawful bases for sharing information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child, providing there is a lawful basis for the sharing.

Consent is also a lawful basis in UK GDPR and would cover sharing where the individual has given clear consent for you to process their personal data for a specific purpose; e.g. provision of Early help services. The UK GDPR sets a high standard for consent to share information, and requires that it must be specific, time limited and able to be withdrawn.

Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement. Consent is one lawful basis for processing information, but there are five others. You must always choose the lawful basis that most closely reflects the true nature of your relationship with the individual and the purpose of the processing.

The UK GDPR does not contain specific provisions on capacity to consent, but issues of capacity are bound up in the concept of 'informed' consent. Generally, you can assume that adults have the capacity to consent unless you have reason to believe the contrary. However, you should ensure that the information you provide enables them to be fully informed.

Conditions for sensitive processing

To lawfully process special category data, you must identify both a lawful basis under Article 6 of the UK GDPR and a separate condition for processing under Article 9. Article 9 contains 10 conditions which allow the processing of special category data. These include explicit consent and also 'substantial public interest'. Schedule 1, Part 2 of the Data Protection Act 2018 details what would be covered by the substantial public interest condition, and this includes the safeguarding of children and individuals at risk (18(1)):

The processing is necessary for the purposes of:

  • Protecting an individual from neglect or physical, mental or emotional harm; or
  • Protecting the physical, mental or emotional well-being of an individual.

The individual is:

  • Aged under 18; or
  • Aged 18 or over and at risk.

Where there is a clear risk of significant harm to a child, or serious harm to adults the basis on which you can share information - including sensitive information - is therefore clear. In other cases, for example, neglect, the indicators may be more subtle and appear over time. In these cases, decisions about what information to share, and when, may be more difficult to judge. Practitioners should discuss with their line manager or designated safeguarding lead the need to share information when there are concerns about a child or young person. The information shared should be proportionate and a record should be kept of what has been shared, with whom and for what purpose and the reasoning behind it.

Working Together to Safeguard Children provides the following Myth-busting guide to information sharing.

Sharing information enables practitioners and agencies to identify and provide appropriate services that safeguard and promote the welfare of children. Below are common myths that may hinder effective information sharing.

Data protection legislation is a barrier to sharing information

No – the Data Protection Act 2018 and GDPR do not prohibit the collection and sharing of personal information, but rather provide a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to share information about them.

Consent is always needed to share personal information.

No – you do not necessarily need consent to share personal information. Wherever possible, you should seek consent and be open and honest with the individual from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on. When you gain consent to share information, it must be explicit, and freely given. There may be some circumstances where it is not appropriate to seek consent, because the individual cannot give consent, or it is not reasonable to obtain consent, or because to gain consent would put a child’s or young person’s safety at risk.

Personal information collected by one organisation/agency cannot be disclosed to another.

No – this is not the case unless the information is to be used for a purpose incompatible with the purpose for which it was originally collected. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.

The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information.

No – this is not the case. In addition to the Data Protection Act 2018 and GDPR, practitioners need to balance the common law duty of confidence and the Human Rights Act 1998 against the effect on individuals or others of not sharing the information.

IT Systems are often a barrier to effective information sharing.

There are many IT systems that support the sharing of information, such as the Child Protection Information Sharing project (CP-IS). It is important that the sector continues to work with IT suppliers to ensure that their user needs around information sharing are factored into priorities for system enhancement.

There are seven golden rules for information sharing which should be followed by all organisations working with and providing services for children and their families: (see Information sharing: advice for practitioners providing safeguarding services (July 2018)).

  1. Remember that the Data Protection Act and human rights laws are not barriers to justified information sharing but provide a framework to ensure that personal information about living individuals is shared appropriately;
  2. Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so;
  3. Seek advice from other practitioners if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible;
  4. Share with informed consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, there is good reason to do so, such as where safety may be at risk. You will need to base your judgment on the facts of the case. When you are sharing or requesting personal information from someone, be certain of the basis upon which you are doing so. Where you have consent, be mindful that an individual might not expect information to be shared;
  5. Consider safety and well-being: Base your information sharing decisions on considerations of the safety and wellbeing of the individual and others who may be affected by their actions;
  6. Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely (Practitioners must always follow their organisation's policy on security for handling personal information);
  7. Keep a record of your decision and the reasons for it - whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.

Source: Information sharing: advice for practitioners providing safeguarding services (July 2018).

Information on children and families can be held in many different ways, including in case records or electronically on a variety of IT systems which are accessible to different practitioners. Information may be shared face-to-face, over the telephone or via secure email. Whenever information is shared, a record of this should be made in the individual's record and the information should not be kept any longer than is necessary. In some rare circumstances, this may be indefinitely, but if this is the case, there should be a review process scheduled at regular intervals to ensure data is not retained where it is unnecessary to do so.

Each situation should be considered on a case-by-case basis. Professionals should always seek advice from senior colleagues, including the Data Protection Officer and legal services, where clarity is required.

Working Together to Safeguard Children includes a Myth-busting guide to information sharing that states:

You do not need consent to share personal information. It is one way to comply with the data protection legislation, but not the only way. The GDPR provides a number of bases for sharing personal information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child provided that there is a lawful basis to process any personal information required.

The legal bases that may be appropriate for sharing data in these circumstances could be 'legal obligation' or 'public task' which includes performance of a task in the public interest or the exercise of official authority. Each of the legal bases under GDPR has different requirements.

In some circumstances, it may be appropriate to obtain consent to share data, but it is important to note that UK GDPR sets a high standard for consent which is specific, time limited and can be withdrawn (in which case the information would have to be deleted).

It continues to be good practice to be transparent and to inform parents/carers that you are sharing information for these purposes and seek to work co-operatively with them. Practitioners should therefore usually inform parents/carers (and the child depending on their age and level of understandings) that they are going to make a referral.

However, referrals can be made without first informing parents/carers where to do so would place a child at risk.

Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers supports frontline practitioners working in child services who have to make decisions about sharing personal information on a case-by-case basis. The guidance can be used to supplement local guidance and encourage good practice in information sharing'.

Sharing information is essential to enable early intervention to help children, young people and families who need additional services to achieve positive outcomes, thus reducing inequalities between disadvantaged children and others. These services could include additional help with learning, specialist health services, help and support to move away from criminal or anti-social behaviour, or support for parents in developing parenting skills.

Information sharing is also vital to safeguarding and promoting the welfare of children and young people. A key factor in many serious case reviews has been a failure to record information, to share it, to understand the significance of the information shared, and to take appropriate action in relation to known or suspected abuse or neglect.

We know that practitioners recognise the importance of information sharing and that there is much good practice. But practitioners also tell us that in some situations they feel constrained from sharing information by their uncertainty about when they can do so lawfully. This guidance aims to provide clarity on that issue.

It is important that practitioners:

  • Are supported by their employers in working through these issues;
  • Understand what information is and is not confidential, and the need in some circumstances to make a judgment about whether confidential information can be shared, in the public interest, without consent;
  • Understand and apply good practice in sharing information at an early stage as part of preventative work;
  • Are clear that information can normally be shared where you judge that a child or young person is at risk of suffering significant harm or that an adult is at risk of serious harm.

All agencies should have:

  • Arrangements in place that set out clearly the processes and the principles for sharing information. The arrangement should cover how information will be shared within their own organisation/agency; and with others who may be involved in a child’s life;
  • All practitioners should not assume that someone else will pass on information that they think may be critical to keeping a child safe;
  • If a practitioner has concerns about a child’s welfare and considers that they may be a child in need or that the child has suffered or is likely to suffer significant harm, then they should share the information with local authority children’s social care and/or the police;
  • All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost;
  • All practitioners should aim to gain consent to share information but should be mindful of situations where to do so would place a child at increased risk of harm. Information may be shared without consent if a practitioner has reason to believe that there is good reason to do so, and that the sharing of information will enhance the safeguarding of a child in a timely manner. When decisions are made to share or withhold information, practitioners should record who has been given the information and why;
  • A systematic approach within their agency to explaining to children, young people and families when they first access the service how and why information may be shared, which will build the confidence of all involved;
  • Clear systems, standards and protocols for sharing information. These may derive from their agency's policies, any local protocols in place, or from their professional code of conduct;
  • Access to training where they can discuss issues which concern them and explore case examples with other practitioners;
  • A source of advice and support on information sharing issues;
  • The statutory guidance on section 11 of the Children Act 2004 states that in order to safeguard and promote children's welfare, the agencies covered by section 11 should make arrangements to fulfil these duties.

In deciding whether there is a need to share information you need to consider your legal obligations including:

  1. Whether the information is confidential; and
  2. If it is confidential, whether there is a public interest sufficient to justify sharing.

Not all information is confidential. Confidential information is information of some sensitivity, which is not already lawfully in the public domain or readily available from another public source, and which has been shared in a relationship where the person giving the information understood that it would not be shared with others. For example, a teacher may know that one of her pupils has a parent who misuses drugs. That is information of some sensitivity but may not be confidential if it is widely known or it has been shared with the teacher in circumstances where the person understood it would be shared with others. If however, it is shared with the teacher by the pupil in a counselling session, for example, it would be confidential.

Confidence is only breached where the sharing of confidential information is not authorised by the person who provided it or to whom it relates. If the information was provided on the understanding that it would be shared with a limited range of people or for limited purposes, then sharing in accordance with that understanding will not be a breach of confidence. Similarly, there will not be a breach of confidence where there is explicit consent to the sharing.

Even where sharing of confidential information is not authorised, you may lawfully share it if this can be justified in the public interest. Seeking consent should be the first option, if appropriate. Where consent cannot be obtained to the sharing of the information or is refused, or where seeking it is likely to undermine the prevention, detection or prosecution of a crime, the question of whether there is a sufficient public interest must be judged by the practitioner on the facts of each case. Therefore, where you have a concern about a child or young person, you should not regard refusal of consent as necessarily precluding the sharing of confidential information.

A public interest can arise in a wide range of circumstances, for example, to protect children or other people from harm, to promote the welfare of children or to prevent crime and disorder. There are also public interests, which in some circumstances may weigh against sharing, including the public interest in maintaining public confidence in the confidentiality of certain services. The key factor in deciding whether or not to share confidential information is proportionality, i.e. whether the proposed sharing is a proportionate response to the need to protect the public interest in question. In making the decision you must weigh up what might happen if the information is shared against what might happen if it is not, and make a decision based on a reasonable judgment.

It is not possible to give guidance to cover every circumstance in which sharing of confidential information without consent will be justified. Practitioners must make a judgment on the facts of the individual case. Where there is a clear risk of significant harm to a child, or serious harm to adults, the public interest test will almost certainly be satisfied. However there will be other cases where practitioners will be justified in sharing some confidential information in order to make decisions on sharing further information or taking action - the information shared should be proportionate.

It is possible however to identify some circumstances in which sharing confidential information without consent will normally be justified in the public interest. These are:

  • When there is evidence that the child is suffering or is at risk of suffering significant harm; or
  • Where there is reasonable cause to believe that a child may be suffering or at risk of significant harm; or
  • To prevent significant harm arising to children and young people or serious harm to adults, including through the prevention, detection and prosecution of serious crime.

For the purposes of this guidance, serious crime means any crime which causes or is likely to cause significant harm to a child or young person or serious harm to an adult.

There is an increasing emphasis on integrated working across children's services so that support for children, young people and families is provided in response to their needs. The aim is to deliver more effective intervention at an earlier stage to prevent problems escalating and to increase the chances of a child or young person achieving positive outcomes. In some areas there is increased use of multi-agency services, for example in children's centres to support child health.

Whether the integrated working is across existing services or through specific multi-agency structures, success depends upon effective partnership working between universal services (such as education and primary health care) and targeted and specialist services for those children, young people and families at risk of poor outcomes. Preventative services working in this way will be more effective in identifying concerns about suffering significant harm, for example as a result of abuse or neglect. However, in most situations children, young people and family members will require additional services in relation to education, health, behaviour, parenting, or family support, rather than intervention to protect the child or young person from harm or to prevent or detect serious crime.

Effective preventative services of this type will usually require active processes for identifying children and young people at risk of poor outcomes, and passing information to those delivering targeted support. Practitioners sometimes express concern about how this can be done lawfully.

Seeking consent should be the first option. Practitioners in universal, targeted and specialist services, including multi-agency services, should proactively inform children, young people and families, when they first engage with the service, about their service's policy on how information will be shared, and seek their consent. The approach to sharing information should be explained openly and honestly. Where this is done, young people and families will be aware how their information may be shared, and experience shows that most will give consent.

Information which is not confidential may generally be shared where that is necessary for the legitimate purposes of preventative work. Where information is confidential, however, and consent is refused, that should be respected, unless in the practitioner's professional judgment on the facts of the case, the public interest justifies the sharing of information.

It is critical that all practitioners working with children and young people are in no doubt that where they have reasonable cause to suspect that a child or young person may be suffering or may be at risk of suffering significant harm, they should always consider referring their concerns to children's social care. While, in general, you should seek to discuss any concerns with the family and, where possible, seek their agreement to making referrals to children's social care, this should only be done where such discussion and agreement-seeking will not place a child at increased risk of suffering significant harm or lead to interference with any potential investigation. The child's interests must be the overriding consideration in making any such decisions.

In some situations there may be a concern that a child or young person may be suffering or at risk of significant harm or of causing serious harm to others, but you may be unsure whether what has given rise to your concern constitutes 'a reasonable cause to believe'. In these situations, the concern must not be ignored. You should always talk to someone to help you decide what to do - a lead person on child protection, a Caldicott guardian, or a discussion with a trusted colleague or another practitioner who knows the child. The decision, to share information or not, should be recorded.

Agencies requesting information from others should clarify the purpose of seeking the information, and what is the legal basis of the requests. For example, social workers seeking information should clarify whether they are acting under Section 17 or Section 47 of the Children Act 1989, or under some other statutory duty.

When considering sharing information, professionals will need to consider the issues addressed above concerning:

  • The power to disclose;
  • The duty to disclose;
  • Issues of consent.

The interests of accuracy and of recording the reasons for sharing information will normally be best served by putting the information in writing. It will also be helpful to indicate whether the party sharing the information feels it should not be disclosed to the service user, or parent, as most records are now accessible to service users unless exempted for a specific reason, such as the likelihood of causing serious harm. In urgent situations, information will need to be shared verbally, but should then if possible be followed up and confirmed in writing.

Agencies should have clear and public policies covering the storage and retention of information, and access by service users and others acting on their behalf to such records. Particular attention must be paid to the security of information which has been obtained from other agencies or professionals.

Each Probation Delivery Unit (PDU)166 should have arrangements in place with children’s social care for exchanging information. This includes responding to information sharing requests from local authorities regarding prospective foster carers and adoptive parents. If an offender who poses a risk to an identified child moves to another address which is in a different local authority, the probation practitioner should ensure the local authority where the offender lives is made aware. Probation should share the details of the offender and the identified child at risk.

Every NEL SCP should play a strong role in supporting information sharing between and within organisations and addressing any barriers to information sharing. This should include ensuring that a culture of information sharing is developed and supported as necessary by multi-agency training. 

It is a joint function of the delegated safeguarding partners of the implementation of effective information sharing arrangements between agencies, including data sharing that facilitates joint analysis between partner agencies.

The SCP Annual report of the effectiveness of local arrangements should provide an  overview of how data is being used to encourage learning within the arrangements and evidence of how information sharing has improved practice and outcomes

The core legislation underpinning the work of the NEL SCP is the Children Act 2004, which provides a comprehensive framework for the care and protection of children. Detailed statutory guidance is also contained in Working Together to Safeguard Children 2015.

Under section 14B of the Children Act 2004, the NEL SCPB can require a person or body to comply with a request for information. This can only take place where the information requested is for the purpose of enabling or assisting the NEL SCP to perform its functions. This includes information required in respect of the Serious Case Review, Child Death Review and the Allegations Management Any request for information about individuals must be necessary and proportionate to the reasons for the request. The NEL SCP should be mindful of the burden of requests and should explain why the information is needed. 

Information requested by the NEL SCP from schools as part of the allegations management process

NEL SCP will make requests for information from the School Children Protection Officer (SCPO). The request will be made by secure e-mail to the SCPO, where this facility is not available the request will be sent in an encrypted or password protected document. Passwords will be provided to SCPO under separate arrangements.

When making a request for information about individuals, the Safeguarding unit will only ask for the information that is 'necessary' and 'proportionate' to the purposes of the NEL SCP as allowed by section 14B of the Children Act 2004.

Answering requests for information made on behalf of the NEL SCPP

School Children Protection Officer (SCPO) should answer the requests by secure e-mail / MoveIT, where this facility is not available the response should be sent in an encrypted or password protected document. Passwords must be provided to the Safeguarding unit under separate arrangements.

Secure transfer of NEL SCP information. NEL SCP information will be transferred to School Children Protection Officer either at NEL SCP meetings or by secure e-mail, where this facility is not available the response should be sent in an encrypted or password protected document, with passwords provided to under separate arrangements.

Security and protection of NEL SCPP information

Schools must ensure that all NEL SCP case records are kept secure and protected at all times to prevent unauthorised access or loss. Clear screen and desk policies should be in place. Information should be stored in folders restricted to authorised users, or in locked storage areas or cabinets. Encrypted USBs can be used for the purpose of secure transportation, but not long-term storage. Documents taken out of the secure environment must be placed in closable folders, and remain with the designated officer at all times, they must never be left unattended.

Retention and disposal of NEL SCP case records: The primary records for the NEL SCP will be held by North East Lincolnshire Council’s Safeguarding unit. The records held by schools will be secondary records and should be retain for as long as is necessary to meet their business requirements. In most cases this should be no longer than the school year following the 25th birthday of the pupil. All NEL SCPB case records held by schools must be disposed of by controlled secure methods, it is recommended that this is either by cross cut shredding or incineration.

Corporate Parenting - Looked After Children

Where North East Lincolnshire Council is the ‘corporate parent’ for the looked after children in its care, they will receive the same information in relation to the child’s education from the school as would any other parent or guardian with parental responsibility for a child. North East Lincolnshire Council will not seek from the school any information it is not entitled to.

The Data Protection Act 2018 / General Data Protection Regulation (GDPR):

The Data Protection Principles requires that personal data shall be:

  1. Processed lawfully, fairly and in a transparent manner in relation to individuals ('lawfulness, fairness and transparency');
  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes ('purpose limitation');
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation');
  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy');
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals ('storage limitation');
  6. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').

The Data Protection Act and GDPR also provides individuals with the following rights in relation to their personal data:

  1. The right to be informed;
  2. The right of access;
  3. The right to rectification;
  4. The right to erasure;
  5. The right to restrict processing;
  6. The right to data portability;
  7. The right to object;
  8. Rights in relation to automated decision making and profiling.

A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information sharing. The Guardian plays a key role in ensuring that the NHS, Local Authority Social Services Departments and partner organisations satisfy the highest practicable standards for handling patient identifiable information.

The Seven Caldicott Principles are:

  1. Justify the purpose(s) for using confidential information;
  2. Don't use personal confidential data unless it is absolutely necessary;
  3. Use the minimum necessary personal confidential data;
  4. Access to personal confidential data should be on a strict need-to-know basis;
  5. Everyone with access to personal confidential data should be aware of their responsibilities; 6. Comply with the law;
  6. Comply with the law;
  7. The duty to share information can be as important as the duty to protect patient confidentiality.

These are applicable to children’s services and health services. They have more recently been extended into councils with social care responsibilities, in order to provide a framework for working within the Data Protection Act and to promote appropriate information sharing.

Every local Health Service and children’s services has its own Caldicott Guardian, to provide advice and guidance on appropriate information sharing. 

For North East Lincolnshire Council, the Caldicott Guardian can be contacted on transparency@nelincs.gov.uk.

The power to disclose information is central to the Act's partnership approach. The Police have an important general power under common law to disclose information for the prevention, detection and reduction of crime. However, some other public bodies that collect information may not previously have had power to disclose it to the Police and others. This section puts beyond doubt the power of any organisation to disclose information to Police authorities, local authorities, Probation Provider, Health Authorities, or to persons acting on their behalf, so long as such disclosure is necessary or expedient for the purposes of crime prevention. These bodies also have the power to use this information.

The Domestic Violence Disclosure Scheme (DVDS) commenced on 8 March 2014. The DVDS gives members of the public a formal mechanism to make enquires about an individual who they are in a relationship with, or who is in a relationship with someone they know, where there is a concern that the individual may be violent towards their partner. This scheme adds a further dimension to the information sharing about children where there are concerns that domestic violence and abuse is impacting on the care and welfare of the children in the family.

Members of the public can make an application for a disclosure, known as the 'right to ask'. Anybody can make an enquiry, but information will only be given to someone at risk or a person in a position to safeguard the victim. The scheme is for anyone in an intimate relationship regardless of gender.

Partner agencies can also request disclosure is made of an offender's past history where it is believed someone is at risk of harm. This is known as 'right to know'.

If a potentially violent individual is identified as having convictions for violent offences, or information is held about their behaviour which reasonably leads the police and other agencies to believe they pose a risk of harm to their partner, a disclosure will be made.

For further information, see the Metropolitan Police website.

Everyone has the right to respect for their private and family life, home and correspondence. 

There shall be no interference by a public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of rights and freedoms of others. 

The issue of age assessment in social work with asylum seeking young people remains controversial and has been something that Children’s social care have struggled with since the millennium. The ADCS Asylum Task Force has worked with the Home Office to provide two new jointly agreed documents, as detailed below. These documents are offered as practice guidance, by way of assistance to local authorities and their partners. The use of the proforma and consent form is voluntary. The content does not, nor does it seek to, be binding on local authorities. It is simply a recommended approach.

See ADCS Age Assessment Information Sharing for UASC.

The Child Sex Offender Review (CSOR) Disclosure Scheme is designed to provide members of the public with a formal mechanism to ask for disclosure about people they are concerned about, who have unsupervised access to children and may therefore pose a risk. This scheme builds on existing, well established third-party disclosures that operate under the Multi-Agency Public Protection Arrangements (MAPPA).

Police will reveal details confidentially to the person most able to protect the child (usually parents, carers or guardians) if they think it is in the child's interests.

The scheme has been operating in all 43 police areas in England and Wales since 2010. The scheme is managed by the Police and information can only be accessed through direct application to them.

If a disclosure is made, the information must be kept confidential and only used to keep the child in question safe. Legal action may be taken if confidentiality is breached. A disclosure is delivered in person (as opposed to in writing) with the following warning:

  • That the information must only be used for the purpose for which it has been shared i.e. in order to safeguard children;
  • The person to whom the disclosure is made will be asked to sign an undertaking that they agree that the information is confidential and they will not disclose this information further;
  • A warning should be given that legal proceedings could result if this confidentiality is breached. This should be explained to the person and they must sign the undertaking. See: GOV.UK, Child sex offender disclosure scheme guidance.

If the person is unwilling to sign the undertaking, the police must consider whether the disclosure should still take place.

The Police, Crime, Sentencing and Courts Act 2022 requires ‘specified authorities’ for a local government area to work together and plan to prevent and reduce serious violence, including identifying the kinds of serious violence that occur in the area, the causes of that violence (so far as it is possible to do so), and to prepare and implement a Strategy for preventing, and reducing serious violence in the area.

‘Specified’ authorities are:

  • Police;
  • Probation Services;
  • Youth Offending Teams;
  • Integrated Care Boards;
  • Local authorities.

To recognise the importance of effective multi-agency information sharing, the Serious Violence Duty legislation includes specific provisions to support partners to share information, intelligence and knowledge to prevent and reduce serious violence. 

These provisions create information-sharing gateways to permit disclosure to a specified authority of information held by specified authorities, local policing bodies and educational, prison or youth custody authorities and to enable local policing bodies to request information from specified authorities, educational authorities, prison or youth custody authorities within its police force area, or any other local policing body for the purposes of the Serious Violence Duty.  The provisions will not replace existing data sharing agreements or protocols that are already established. The new information-sharing gateways for the purposes of the Serious Violence Duty are intended to enable the sharing of relevant data where existing powers alone would not be sufficient.

Section 16 Police, Crime, Sentencing and Courts Act 2022 provides a permissive information-sharing gateway that enables specified authorities, local policing bodies (PCCs or equivalents), educational, prison and youth custody authorities to disclose information to each other for the purposes of their functions under the Serious Violence Duty.  Information-sharing to support effective collaboration with partnerships should be considered carefully and in line with data protection requirements ensuring that any disclosure is necessary and proportionate for the proposed purpose.

Personal information may be disclosed under section 16 by specified authorities (with the exception of health or social care authorities), local policing bodies (PCCs or equivalents), educational, prison and youth custody authorities. Any sharing of personal information must comply with data protection legislation (most importantly, the Data Protection Act 2018).  There are restrictions on the disclosure of patient information and/or personal information by health or social care authorities.

The powers permit requests to be made for sharing information, or for information to be shared pro-actively, but do not oblige any specified authority to share information (either pro-actively or following a request).

Section 17 Police, Crime, Sentencing and Courts Act 2022 creates a power for local policing bodies (PCCs and equivalents) to request any specified authority and any educational, prison or youth justice authority within its police force area to supply it with such information as it may specify for the purpose of its functions relating to the Serious Violence Duty.

For more information see Serious Violence Duty - Preventing and Reducing Serious Violence: Statutory Guidance for Responsible Authorities.

Last Updated: August 5, 2024

v47