8.1 Information Sharing
- General Data Protection Regulations (GDPR)
- Myth-busting guide to information sharing
Effective sharing of information between practitioners and local organisations and agencies is essential for early identification of need, assessment and service provision to keep children safe.
Missed opportunities to record, understand the significance of and share information in a timely manner can have severe consequences for the safety and welfare of children.
Information should be shared as early as possible to help identify, assess and respond to risks or concerns about the safety and welfare of children, whether this is when problems are first emerging, or where a child is already known to local authority children’s social care (e.g. they are being supported as a child in need or have a child protection plan).
Information should also be shared about any adults with whom that child has contact, which may impact the child’s safety or welfare.
Information sharing is also essential for the identification of patterns of behaviour when a child has gone missing, when multiple children appear associated to the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child’s care.
Fears about sharing information must not be allowed to stand in the way of the need to promote the welfare, and protect the safety, of children, which must always be the paramount concern. To ensure effective safeguarding arrangements:
Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), to share information effectively:
General Data Protection Regulations (GDPR)
The Partnership has considered what changes are required to the Procedures to ensure compliance with the General Data Protection Regulations (GDPR) - implemented through the Data Protection Act 2018. We have taken into consideration guidance from the Information Commissioner’s Office [ICO] which says: ‘The biggest change is for public authorities, who now need to consider the new ‘public task’ basis first for most of their processing, and have more limited scope to rely on consent or legitimate interests’. As a result, the Partnership recommends that ‘legal obligation’ and ‘public task’ (as defined in the GDPR) are relied on as the primary basis for processing information to establish whether or not there is a need to safeguard the welfare of a child. This means that, whilst families will be informed when personal data is being shared or processed, their consent is not required.
The significance of this change is that it is no longer necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child (i.e. removing the distinction between information sharing for the purposes of assessing need or child protection). It does, of course, continue to be good practice to inform parents / carers that you are sharing information for these purposes and to seek to work cooperatively with them. Agencies should also ensure that parents / carers are aware that information is shared, processed and stored for these purposes.
The Working Together Guidance published in July 2018 by the Department for Education, continues to emphasise the use of consent. The BSCP is working to ensure that the approach taken in these Procedures is consistent with the Data Protection Act 2018, the guidance published by the ICO and the statutory guidance published by the Department for Education. In the meantime, references to consent and information sharing in the Procedures will be highlighted with a link to the advice above. In addition, the information sharing protocol has been withdrawn pending a full revision in line with the new legislation.
Myth-busting guide to information sharing
Sharing information enables practitioners and agencies to identify and provide appropriate services that safeguard and promote the welfare of children. Below are common myths that may hinder effective information sharing.
Data protection legislation is a barrier to sharing information
No – the Data Protection Act 2018 and GDPR do not prohibit the collection and sharing of personal information, but rather provide a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to share information about them.
Consent is always needed to share personal information
No – you do not necessarily need consent to share personal information. Wherever possible, you should seek consent and be open and honest with the individual from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on. When you gain consent to share information, it must be explicit, and freely given. There may be some circumstances where it is not appropriate to seek consent, because the individual cannot give consent, or it is not reasonable to obtain consent, or because to gain consent would put a child’s or young person’s safety at risk.
Personal information collected by one organisation/agency cannot be disclosed to another
No – this is not the case, unless the information is to be used for a purpose incompatible with the purpose for which it was originally collected. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.
The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information
No – this is not the case. In addition to the Data Protection Act 2018 and GDPR, practitioners need to balance the common law duty of confidence and the Human Rights Act 1998 against the effect on individuals or others of not sharing the information.
IT Systems are often a barrier to effective information sharing
No – IT systems, such as the Child Protection Information Sharing project (CP-IS), can be useful for information sharing. IT systems are most valuable when practitioners use the shared data to make more informed decisions about how to support and safeguard a child.
Information sharing is vital to safeguarding and promoting the welfare of children and young people. The following documents will provide further information about effective information sharing.
BSCP Multi-Agency Information Sharing Code of Practice
Seven Golden Rules of Information Sharing
HM Government - Information Sharing Advice for Practitioners