- Personal information about children and families held by professionals and agencies is subject to a legal duty of confidentiality (Data Protection Act 1998) and should not normally be disclosed without the consent of the family. The law does however permit the disclosure of confidential information without permission if it is necessary to safeguard a child or children; this includes cases of Safeguarding.
- We recognise that all matters relating to child protection are confidential.
- All suspicions and investigations are kept confidential and shared only with those who need to know. The people most commonly involved will be the member of staff/key worker and the Pre-School Manager. Any information is shared under the guidance of the Local Safeguarding Children Board.
- All staff must be aware that they have a professional responsibility to share information with other agencies in order to safeguard children.
- All staff must be aware that they cannot promise a child to keep secrets which might compromise the child’s safety or well-being or that of another.
- When discussing concerns we may have with our local safeguarding board we understand that if they then ask for a name we will disclose those details and it will become a referral.
The Governments Information sharing Advice for practitioners providing safeguarding services to children, young people, parents and carers (2018) states the seven golden rules to sharing information:
1. Remember that the General Data Protection Regulation (GDPR), Data Protection Act 2018 and human rights law are not barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately.
2. Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
3. Seek advice from other practitioners, or your information governance lead, if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible.
4. Where possible, share information with consent, and where possible, respect the wishes of those who do not consent to having their information shared. Under the GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful basis to do so, such as where safety may be at risk. You will need to base your judgement on the facts of the case. When you are sharing or requesting personal information from someone, be clear of the basis upon which you are doing so. Where you do not have consent, be mindful that an individual might not expect information to be shared.
5. Consider safety and well-being: base your information sharing decisions on considerations of the safety and well-being of the individual and others who may be affected by their actions.
6. Necessary, proportionate, relevant, adequate, accurate, timely and secure: ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and upto-date, is shared in a timely fashion, and is shared securely (see principles).
7. Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.
When sharing the information if should be:
- Necessary and proportionate-When taking decisions about what information to share, you should consider how much information you need to release. Not sharing more data than is necessary to be of use is a key element of the GDPR and Data Protection Act 2018, and you should consider the impact of disclosing information on the information subject and any third parties. Information must be proportionate to the need and level of risk.
- Relevant-Only information that is relevant to the purposes should be shared with those who need it. This allows others to do their job effectively and make informed decisions.
- Adequate-Information should be adequate for its purpose. Information should be of the right quality to ensure that it can be understood and relied upon.
- Accurate-Information should be accurate and up to date and should clearly distinguish between fact and opinion. If the information is historical then this should be explained.
- Timely -Information should be shared in a timely fashion to reduce the risk of missed opportunities to offer support and protection to a child. Timeliness is key in emergency situations and it may not be appropriate to seek consent for information sharing if it could cause delays and therefore place a child or young person at increased risk of harm. Practitioners should ensure that sufficient information is shared, as well as consider the urgency with which to share it.
- Secure– Wherever possible, information should be shared in an appropriate, secure way. Practitioners must always follow their organisation’s policy on security for handling personal information.
- Recorded– Information sharing decisions should be recorded, whether or not the decision is taken to share. If the decision is to share, reasons should be cited including what information has been shared and with whom, in line with organisational procedures. If the decision is not to share, it is good practice to record the reasons for this decision and discuss them with the requester. In line with each organisation’s own retention policy, the information should not be kept any longer than is necessary. In some rare circumstances, this may be indefinitely, but if this is the case, there should be a review process scheduled at regular intervals to ensure data is not retained where it is unnecessary to do so.