Working Together to Safeguard Children 2018 states:
"Effective sharing of information between practitioners and local organisations and agencies is essential for early identification of need, assessment and service provision to keep children safe. Serious case reviews (SCRs) have highlighted that missed opportunities to record, understand the significance of and share information in a timely manner can have severe consequences for the safety and welfare of children.
Practitioners should be proactive in sharing information as early as possible to help identify, assess and respond to risks or concerns about the safety and welfare of children, whether this is when problems are first emerging, or where a child is already known to local authority children's social care (e.g. they are being supported as a child in need or have a child protection plan). Practitioners should be alert to sharing important information about any adults with whom that child has contact, which may impact the child's safety or welfare.
Information sharing is also essential for the identification of patterns of behaviour when a child is at risk of going missing, when multiple children appear associated to the same context or locations of risk, or in relation to children in the secure estate where they may be multiple local authorities involved in a child's care. It will be for local safeguarding partners to consider how they will build positive relationships with other local areas to ensure that relevant information is shared in a timely and proportionate way.
The Data Protection Act 2018 and General Data Protection Regulations (GDPR) do not prevent the sharing of information for the purposes of keeping children safe. Fears about sharing information must not be allowed to stand in the way of the need to promote the welfare and protect the safety of children. To ensure effective safeguarding arrangements:
- all organisations and agencies should have arrangements in place that set out clearly the processes and the principles for sharing information. The arrangement should cover how information will be shared within their own organisations/agency and with others who may be involved in a child's life.
- all practitioners should not assume that someone else will pass on information that they think may be critical to keeping a child safe. If a practitioner has concerns about a child's welfare and considers that they may be a child in need or that the child has suffered or is likely to suffer significant harm, then they should share the information with local authority children's social care and/or the police. All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost.
- the GDPR provides a number of bases for sharing personal information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child provided that there is a lawful basis to process any personal information required. The legal bases that may be appropriate for sharing data in these circumstances could be 'legal obligation' or 'public task' which includes the performances of a task in the public interest or the exercise of official authority. Each of the lawful bases under GDPR has different requirements. In some circumstances, it may be appropriate to obtain consent to share data but it is important to note that the GDPR sets a high standard for consent which is specific, time limited and can be withdrawn (in which case the information would have to be deleted).
Practitioners must have due regard to the relevant data protection principles which allow them to share personal information, as provided for in the Data Protection Act 2018 and the GDPR. To share information effectively:
- all practitioners should be confident of the lawful bases and processing conditions under the Data Protection Act 2018 and the GDPR which allow them to store and share information including information which is considered sensitive, such as health data, known under the data protection legislation as 'special category personal data'.
- where practitioners need to share special category personal data, for example, where information obtained is sensitive and needs more protection, they should always consider and identify the lawful basis for doing so under Article 6 of the GDPR, and in addition be able to meet one of the specific conditions for processing under Article 9. In effect, the Data Protection Act 2018 contains 'safeguarding of children and individuals at risk' as a processing condition that allows practitioners to share information, including without consent (where in the circumstances consent cannot be given, it cannot be reasonably expected that a practitioner obtains consent or if to gain consent would place a child at risk). However, practitioners should be mindful that a data protection impact assessment for any type of processing which is likely to be high risks must be completed, and therefore aware of the risks of processing special category data.
Kent and Medway Information Sharing Agreement
We have now joined the Kent and Medway Information Sharing Agreement. The agreement provides openness and transparency in information sharing, as well as appropriate governance and support, which assists us to share personal information lawfully, safely, and securely.
Information Commissioner's Office 10 Step Guide to Sharing Information to Safeguard Children
The Information Commissioner's Office (ICO) have produced a 10 step guide on data protection considerations when sharing personal information for child safeguarding purposes. It aims to help you feel confident about sharing information when you need to safeguard a child or young person at risk of harm.