Child Protection and Information Sharing

Professional Information Sharing for Safeguarding Children and Young People

 

Introduction

In many cases, practitioners will need to share information with other practitioners, or with other people involved in a child or young person’s life,  to meet the needs of that child or young person.  Data protection law is not a barrier to information sharing in fact, it provides a framework for information to be shared lawfully, securely and transparently.

Service’s across Forth Valley (e.g. social work, education, health, police, third sector partners) process personal information to fulfil statutory duties in safeguarding and promoting the wellbeing of children and young people.

It applies to all professionals working under Getting It Right for Every Child (GIRFEC) framework and in accordance with the Data Protection Act 2018 (UK GDPR) and the National Child Protection Guidance for Scotland 2021 (revised 2023).

 

Legal and national policy framework

The important pieces of legislation, policy and guidance on data protection and information sharing are:

  • Data Protection Act 2018 and the General Data Protection Regulation (GDPR)
  • Human Rights Act 1998
  • United Convention on the Rights of the Child
  • Children and Young People (Scotland) Act 2014
  • Scottish Government GIRFEC Guidance
  • National Guidance for Child Protection in Scotland 2021 (revised 2023).

Sharing personal information without consent may be justified if it is necessary to prevent significant harm or ensure the protection of a child or young person.

 

When Consent Is Not Required

Consent is not required when:

  • There is a concern about significant harm or risk of harm to a child
  • Information sharing is necessary to protect a child’s vital interests
  • Seeking consent may increase risk to the child or others (e.g. domestic abuse scenarios)
  • The data sharing is carried out under statutory duties and formal inter-agency agreements

Professionals must use professional judgment and follow relevant multi-agency protocols (e.g. IRD procedures, Child Protection Guidance).

 

Principles for Information Sharing

All sharing must be:

  • Necessary and proportionate
  • Relevant and limited to what is required
  • Accurate and up to date
  • Shared securely and only with those who need to know
  • Clearly recorded, including the legal basis, purpose, and parties involved

Key practical rules for information sharing

  1. Data protection is not a barrier to sharing proportionate information about children and young people and their families – rather, data protection legislation provides a framework for ensuring that information is shared, used kept and disposed of appropriately in line with your service’s information governance policies. You may need to share information within your organisation (for example, between social work and education services) or with another organisation (for example, between the Council and the Health Board). The same principles apply.
  2. Proportionate information sharing means that you only share information where it is necessary and relevant, and only with those who need to know it. Make sure that any information shared is accurate and that it is shared securely in line with your service’s information governance policies.
  3. Be open and honest with the child or young person (and their family where appropriate) right from the start about how you will use and share their information. If there is any change to how you will use or share their information, you need to discuss that with them. You should have written privacy notices in place to help explain what you do, but face-to-face discussions are important, and provide the opportunity for questions. And there will be cases where you need to share information without discussion (for example, where there are child protection concerns).
  4. Do not ask for consent to share information if you intend to share that information anyway. Instead, be open with the child or young person, and their family where appropriate, about what you will share and the reasons for that.
  5. Take advice if you need it. Practitioners are best placed to make professional judgements about whether to share information, based on the particular facts. But take a second opinion from your manager, or take advice from information governance or legal colleagues where you are unsure.
  6. Consider safety and well-being – base your information sharing decisions on considerations on the safety and well-being of the child or young person and others who may be affected by their actions. The consequences of not sharing appropriate information are usually worse than the consequences of sharing too little or no information.
  7. Keep a record of your decision and the reasons for it – whether it is to share information, or not to share. If you decide to share, record what you have shared, with whom and for what purpose. Another practitioner may reach a different decision on the same facts, but you are unlikely to be criticised for making a well-reasoned, recorded decision which you consider to be in the best interests of the child.

 

Recording and Retention

Professionals must record:

  • What information was shared
  • Why it was shared (or not shared)
  • With whom and under what legal basis
  • Whether consent was sought, given, refused, or overridden

Records must be maintained in line with your agency’s data protection and child protection policies.

 

Data Subjects’ Rights

Parents, carers, and young people (depending on age and capacity) have rights under data protection law, including:

  • The right to access their personal data
  • The right to request correction of inaccurate data
  • The right to know how their data is used

However, these rights may be limited where disclosure would prejudice the prevention or detection of crime or risk harm to another individual.

Guidance on sharing information:
Key Information Sharing Principles for GIRFEC