Introduction
Information sharing in a safeguarding context means the appropriate and secure exchange of personal information between practitioners and other individuals with a responsibility for children to keep them safe from harm. Most information we know about children can and should be kept confidential, the principle of privacy and confidentiality is rightly important to us all, but there are times when information sharing about children is essential.
Deciding when and how to share information is not easy. Many child safeguarding practice reviews/serious case reviews have shown that professionals have difficulties with recording, sharing, discussing and analysing information to identify the needs of, or risks to, a child. Similar to constructing a jigsaw, it is often only when information from several sources has been shared that it becomes clear that a child has suffered, or is likely to suffer, significant harm.
Everyone must take responsibility for sharing information to keep children safe from harm. You must not assume someone else will pass on information.
Need more?
Thank you for visiting our resources pages. These are free to everyone as is our fortnightly safeguarding bulletin – general safeguarding information is too important to restrict. Become a member to access lots more, including training materials for you to deliver in-house on each topic in Keeping Children Safe in Education.
Sign up for FREE fortnightly bulletin.
What about training?
We can deliver training for your setting on this and other subjects via online platforms, or face-to-face in certain areas. Just get in touch to discuss your requirements.
The seven golden rules to information sharing
- All children have a right to be protected from abuse and neglect. Protecting a child from such harm takes priority over protecting their privacy, or the privacy rights of the person(s) failing to protect them.
- When you have a safeguarding concern, wherever it is practicable and safe to do so, engage with the child and/or their carer(s), and explain who you intend to share information with, what information you will be sharing and why.
- You do not need consent to share personal information about a child and/or members of their family if a child is at risk or there is a perceived risk of harm.
- Seek advice promptly whenever you are uncertain or do not fully understand how the legal framework supports information sharing in a particular case.
- When sharing information, ensure you and the person or agency/organisation that receives the information take steps to protect the identities of any individuals (e.g., the child, a carer, a neighbour or a colleague) who might suffer harm if their details became known to an abuser or one of their associates.
- Only share relevant and accurate information with individuals or agencies/organisations that have a role in safeguarding the child and/or providing their family with support, and only share the information they need to support the provision of their services.
- Record the reasons for your information-sharing decision, irrespective of whether or not you decide to share information.
(Adapted from the government guidance: Information Sharing: Advice for Practitioners providing safeguarding service to children, young people, parents and carers (2024))
Consent to share
Consent is about having the freedom and capacity to choose (e.g., saying yes when being pressured, coerced, or threatened is not consent). Consent may be explicit (when the person has been asked specifically to give consent for a certain piece of information to be shared) or implicit (for example, when a person has signed an agreement saying that information can be shared with certain agencies in the day to day course of their work – in this case, the agreement is there but it is not specific about what information can be shared and when).
Whichever type of consent is used, the consent should be informed consent. This means that the person giving consent understands what the information being shared is, why it is being shared, and what the implications of sharing and not sharing the information are. This may mean that you need to consider the ability (or capacity) of the person to give consent.
Speak to your DSL for further guidance and support.
Information usually needing consent to share
As the name suggests, personal information is just that, personal. Therefore, before sharing any information you need to be clear whether the information is classed as personal data (i.e., information that relates to an identified or identifiable individual).
Under the UK GDPR, personal data that is considered sensitive and needs more protection is called Special Category Data. This information might be:
- personal data revealing racial or ethnic origin;
- personal data revealing political opinions;
- personal data revealing religious or philosophical belief;
- personal data revealing trade union membership;
- genetic data;
- biometric data (where used for identification purposes);
- data concerning health;
- data concerning a person’s sex life; and
- data concerning a person’s sexual orientation.
If it is personal data you wish to share, then you must start by gaining consent to share the information, unless you have a more appropriate lawful basis on which to share. There are six lawful bases for sharing information set out in Article 6 of the UK GDPR.
No single basis is ’better’ or more important than the others and the basis most appropriate to use will depend on the type of organisation you work for, your purpose for sharing and the nature of your relationship with the person whose information you are sharing. Where there is an expectation on the part of the child or family that the duty of confidentiality applies, practitioners will need to consider the lawful basis for setting this aside, prior to making the decision about sharing information.
If you work in an education setting, it is likely that “public task” or “legal obligation” will be the most appropriate lawful basis for you to use when sharing information to safeguard or protect the welfare of a child (e.g., when exercising statutory duties regarding children under government guidance such as Keeping Children Safe in Education, Working Together to Safeguard Children, and other related guidance and legislation).
If you work with children and their families within the voluntary or private sectors, where your task, function or power does not have a clear basis in law, it is likely that the lawful basis of using “legitimate interests” may be more appropriate. (Refer to ICO 10-step guide for more information.)
Where the information to be shared is “special category data” it will also be necessary to find a condition for processing the information under Article 9 of the UK GDPR. Safeguarding children and individuals at risk is one of the substantial public interest conditions under which the sharing of special category data may be authorised under Article 9. Further guidance on the processing of special category data is available here.
It is always good practice to work in partnership with children and families, communicating effectively so that you have enough information to understand and be able to support them well. Trusted and transparent relationships are central to working with children and families.
This honest approach is also important when deciding whether to share information with other people, agencies or organisations about the children and families you are working with. If the person you are working with has a choice about whether and how their information is shared or used, you should make this clear to them.
Recording of decisions
If you decide to share information you must record your decision, the context in which the information was shared/not shared and the reasons for your decision.
Recording is important because there is a chance that someone will ask you or your employers why you chose to share or not share information. Such questions may not come immediately, and in some cases, these questions only arise many years later. Even if you are still working at your setting, it is likely that you will not remember why you made the decision you did, but if there is a clear record this will provide the required information.
Your setting will have its own policy on recordkeeping, but good practice suggests that you should record the date, time, what you were being asked to share, and:
- what information was shared and for what purpose;
- who it was shared with and when it was shared;
- your justification for sharing;
- whether the information was shared with or without consent.
Common myths
Adapted from the government guidance: Working Together to Safeguard Children
- The GDPR and Data Protection Act 2018 are barriers to sharing information – no. The GDPR and Data Protection Act 2018 don’t stop information sharing, but provide the means to make sure information is shared in the right way.
- Consent is always needed to share personal information – no. You should seek explicit consent whenever possible, but if (for reasons set out above) this is not possible, you can override the need for consent.
- Personal information collected by one organisation cannot be disclosed to another organisation – no. Unless the information is obviously irrelevant to what is happening, the need to safeguard children means there are no such barriers.
- The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information – no. These provide a framework by which information is shared, but often the risk to the child outweighs all else.
- IT systems are often a barrier to effective information sharing – no. IT systems can be an important tool when sharing information, but they should not overrule professional judgement.
Summary
Sharing information for safeguarding purposes can be justified solely based on preventing harm to a child. The sharing of this information is not dependant on any thresholds for intervention. For example, it is not necessary for a formal process under section 17 or section 47 of the Children Act 1989 to be invoked for information to be shared, provided that the sharing is necessary for organisations and agencies to safeguard a child at possible risk of harm.
It is only through sharing information that agencies or organisations and practitioners build a richer picture of the day-to-day life of the child and family they are working with.
Respect people’s personal data and right to privacy, but in the safeguarding context, have confidence to share information – trust your instincts and act on your training, experience and risk assessment skills. Seek guidance if in doubt.
DSL Training Materials
-
Presentation
-
Presenter Notes
-
Handout for staff
-
Information Sharing – Quiz
-
Information Sharing – Quiz (answers)
-
Information sharing scenario
-
Information Sharing Scenario – DSL information sheet
Resources
-
A 10-step guide to sharing information
-
Transition to university- sharing safeguarding concerns
-
Information sharing advice for safeguarding practitioners
-
Data protection: a toolkit for schools
-
Who knows what about me?
Save time and improve your safeguarding approach…
Bite-size training materials to share with your staff every month.
Support to explore and develop your safeguarding culture.
A huge array of resources and professional experience at your fingertips.
Get in touch now for a personal tour of the site and details of membership benefits.
Memberships start at just £99+VAT a term.
We look forward to working with you.