Information Sharing

1. All children have a right to be protected from abuse and neglect. Protecting a child from such harm takes priority over protecting their privacy, or the privacy rights of the person(s) failing to protect them. 
2. When you have a safeguarding concern, wherever it is practicable and safe to do so, engage with the child and/or their carer(s), and explain who you intend to share information with, what information you will be sharing and why. 
3. You do not need consent to share personal information about a child and/or members of their family if a child is at risk or there is a perceived risk of harm.
4. Seek advice promptly whenever you are uncertain or do not fully understand how the legal framework supports information sharing in a particular case. 
5. When sharing information, ensure you and the person or agency/organisation that receives the information take steps to protect the identities of any individuals (e.g., the child, a carer, a neighbour or a colleague) who might suffer harm if their details became known to an abuser or one of their associates.
6. Only share relevant and accurate information with individuals or agencies/organisations that have a role in safeguarding the child and/or providing their family with support, and only share the information they need to support the provision of their services. 
7. Record the reasons for your information-sharing decision, irrespective of whether or not you decide to share information.

(Adapted from the government guidance: Information Sharing: Advice for Practitioners providing safeguarding service to children, young people, parents and carers (2024))

Consent is about having the freedom and capacity to choose (e.g., saying yes when being pressured, coerced, or threatened is not consent). Consent may be explicit (when the person has been asked specifically to give consent for a certain piece of information to be shared) or implicit (for example, when a person has signed an agreement saying that information can be shared with certain agencies in the day to day course of their work – in this case, the agreement is there but it is not specific about what information can be shared and when). 

Whichever type of consent is used, the consent should be informed consent. This means that the person giving consent understands what the information being shared is, why it is being shared, and what the implications of sharing and not sharing the information are. This may mean that you need to consider the ability (or capacity) of the person to give consent. 

Speak to your DSL for further guidance and support.

As the name suggests, personal information is just that, personal. Therefore, before sharing any information you need to be clear whether the information is classed as personal data (i.e., information that relates to an identified or identifiable individual).

Under the UK GDPR, personal data that is considered sensitive and needs more protection is called Special Category Data. This information might be:

• personal data revealing racial or ethnic origin;
• personal data revealing political opinions;
• personal data revealing religious or philosophical belief;
• personal data revealing trade union membership;
• genetic data;
• biometric data (where used for identification purposes);
• data concerning health;
• data concerning a person’s sex life; and
• data concerning a person’s sexual orientation.

If it is personal data you wish to share, then you must start by gaining consent to share the information, unless you have a more appropriate lawful basis on which to share. There are six lawful bases for sharing information set out in Article 6 of the UK GDPR. 

No single basis is ’better’ or more important than the others and the basis most appropriate to use will depend on the type of organisation you work for, your purpose for sharing and the nature of your relationship with the person whose information you are sharing. Where there is an expectation on the part of the child or family that the duty of confidentiality applies, practitioners will need to consider the lawful basis for setting this aside, prior to making the decision about sharing information. 

If you decide to share information you must record your decision, the context in which the information was shared/not shared and the reasons for your decision.

Recording is important because there is a chance that someone will ask you or your employers why you chose to share or not share information. Such questions may not come immediately, and in some cases, these questions only arise many years later. Even if you are still working at your setting, it is likely that you will not remember why you made the decision you did, but if there is a clear record this will provide the required information.

Your setting will have its own policy on recordkeeping, but good practice suggests that you should record the date, time, what you were being asked to share, and:

• what information was shared and for what purpose;
• who it was shared with and when it was shared;
• your justification for sharing;
• whether the information was shared with or without consent.

Adapted from the government guidance: Working Together to Safeguard Children 

1. The GDPR and Data Protection Act 2018 are barriers to sharing information – no.  The GDPR and Data Protection Act 2018 don’t stop information sharing, but provide the means to make sure information is shared in the right way.
2. Consent is always needed to share personal information – no. You should seek explicit consent whenever possible, but if (for reasons set out above) this is not possible, you can override the need for consent.
3. Personal information collected by one organisation cannot be disclosed to another organisation – no. Unless the information is obviously irrelevant to what is happening, the need to safeguard children means there are no such barriers.
4. The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information – no.  These provide a framework by which information is shared, but often the risk to the child outweighs all else.
5. IT systems are often a barrier to effective information sharing – no.  IT systems can be an important tool when sharing information, but they should not overrule professional judgement.