The Department for Education (DfE) has published updated guidance - Information sharing: advice for practitioners providing safeguarding services.
The advice is for:
- individuals who are directly involved in safeguarding children, including frontline practitioners, managers and senior leaders
- individuals and organisations that work with children, parents, carers and families, in sectors such as social care, education, health, justice and voluntary
It may also be helpful for practitioners working with vulnerable adults and adults who could pose a risk to children.
The guidance tackles some of the common myths around UK GDPR and data protection.
The DfE helpfully confirms:
- the legislation does not prevent the sharing of information for the purposes of safeguarding children, and instead, provides a framework which enables information sharing when it is necessary, proportionate and justified to do so;
- consent is not usually the most appropriate lawful basis in a safeguarding context;
- the first and most important consideration is always whether sharing information is likely to support the safeguarding of a child.
We often receive queries around consent when officers want to act swiftly on sensitive information but view consent as a barrier. It is easy to confuse and conflate the different purposes, but consent to data sharing needs to be distinguished from consent to provide a service or to deliver medical treatment. There are other ways to demonstrate transparency and accountability, without relying on consent as the lawful basis for sharing safeguarding concerns.
The guidance also tackles the thorny issues around confidentiality and how practitioners should decide whether there is an overriding public interest that justifies sharing information - which would otherwise remain confidential.
Senior leaders are reminded of their responsibility to create an environment where practitioners feel confident about when and how to share information and to establish secure and effective systems and environments for sharing information. This means building strong relationships with other agencies and organisations, recognising that sharing and acting on that information early, helps to ensure individuals receive the right services at the right time and helps to prevent a risk or need from becoming more acute.
Whilst the guidance does not contain ‘new law’ it is a helpful resource for those who have received a safeguarding concern or are asked to identify, assess and respond to risks or concerns about children or vulnerable adults. Readers should come away familiar with and confident to implement the seven golden rules for sharing information:
- Protecting a child from such harm takes priority over protecting their privacy, or the privacy rights of the person(s) failing to protect them;
- Wherever it is practicable and safe to do so, engage with the child and/or their carer(s), and explain who you intend to share information with, what information you will be sharing and why;
- You do not need consent to share personal information about a child and/or members of their family if a child is at risk or there is a perceived risk of harm;
- Seek advice promptly whenever you are uncertain or do not fully understand how the legal framework supports information sharing in a particular case;
- When sharing information, ensure you and the person or agency/organisation that receives the information take steps to protect the identities of any individuals who might suffer harm if their details became known to an abuser or one of their associates;
- Only share relevant and accurate information with individuals or agencies/organisations that have a role in safeguarding the child and/or providing their family with support, and only share the information they need to support the provision of their services;
- Record the reasons for your information-sharing decision, irrespective of whether or not you decide to share information.
Professionals are reminded to apply their additional responsibilities, such as specific guidance prepared for those working in a medical setting or education.
For a more detailed walk-through of data protection considerations, the Information Commissioner Office also has a 10-step guide to sharing information to safeguard children.