Skip to content
Company Logo

Information Sharing and Confidentiality

The Agency will ensure that all personal data it collects in relation to foster carers and their families, children in placements and employees is stored securely, and that when it is shared with other agencies this is done appropriately and in accordance with the law.

The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) provide a legal framework to ensure that personal data which is collected and processed by organisations is done so fairly and lawfully, that it is accurate and relevant, stored securely (for no longer than necessary) and that, when it is shared, this is done appropriately and lawfully.

Personal Data - is the term used for information which could be used to identify a person (also sometimes called the 'data subject'). This includes for example, a person's name, address, or an identification / file number.

The UK GDPR and Data Protection Act 2018 also emphasise the need for organisations to be transparent and accountable in relation to their use of data. Therefore, the Agency must ensure they have comprehensive and proportionate arrangements in place for collecting, storing, and sharing information. This should also include arrangements for informing employees, foster carers and children and young people about the information it collects and how this may be shared with other organisations (for example in a privacy notice or children's guide).

The Manager must ensure that training on information sharing and confidentiality and the importance of accurate record keeping is provided for all new employees, foster carers and any volunteers as part of their induction. Refresher training should also be offered at appropriate intervals.

When working with children and families, effective sharing of information is essential for the early identification of need, in order to complete robust assessments and to provide services which are tailored to individual need. Keeping children safe from harm will require staff and foster carers to record, analyse, understand the significance of and share information about:

  • A child's health and development and exposure to possible harm;
  • Individuals (adults and other children / young people) who may pose a risk of harm to a child.

Agency staff and foster carers should be proactive and share information as early as possible where this will help to identify, assess and respond to risks or concerns about the safety and welfare of children. Information sharing is also essential for the identification of patterns of behaviour; for example when a child has gone missing or is at risk of going missing, and when multiple children appear associated to the same context or locations of risk (this would include for example, concerns around trafficking, Child Sexual Exploitation and Child Criminal Exploitation).

Often, it is only when information from a number of sources has been shared and is then put together, that it becomes clear that a child has suffered, or is likely to suffer, significant harm.

Staff and foster carers should not assume that someone else will pass on information that they think may be critical to keeping a child safe. Anyone who has concerns about a child's welfare and considers that they may be a Child in Need or that the child has suffered or is likely to suffer significant harm, should share these concerns with the child's allocated social worker and / or the Police or Children's Social Care.

Staff and foster carers should be particularly alert to the importance of sharing information when a child moves from one local authority area into another, due to the risk that knowledge pertinent to keeping a child safe could be lost - for example of a child moves to a new placement in another local authority area.

The Data Protection Act 2018 and UK GDPR do not prevent, or limit, the sharing of information for the purposes of keeping children safe. The UK GDPR provides a number of legal bases / reasons which set out when personal data can be shared between organisations. One of these bases is that the individual has consented to their information being shared. However, it is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child. This means that fears about sharing information must not be allowed to stand in the way of the need to promote the welfare, and protect the safety of, children.

Where there is a clear risk of significant harm to a child, or serious harm to adults staff and foster carers should be confident that they can (and should) share information.

Whenever any information is shared it should be proportionate, and a record should be kept of what has been shared, with whom and for what purpose and the reasoning behind it

  • Where possible, share information with consent of the data subject and where possible, respect the wishes of those who do not consent to having their information shared;
  • However, you may still share information without consent if, in your judgement, there is a lawful basis to do so, such as where the safety of a child or adult may be at risk. You will need to base your judgement on the facts of the case. When you are sharing or requesting personal information from someone, be certain of the basis upon which you are doing so;
  • Seek advice from other practitioners (such as a manager of the Agency) if you are in any doubt about sharing the information concerned, this should be done without disclosing the identity of the individual where possible;
  • Information sharing should always be necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, that it is shared only with those people who need to have it, that it is accurate and up-to-date, that it is shared in a timely fashion, and that is shared securely;
  • Keep a record of your decision and the reasons for it - whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.

See also: Seven Golden Rules for Information Sharing (DfE):

  1. Remember that the Data Protection Act 2018, UK General Data Protection Regulation (UK GDPR) and human rights law are not barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately;
  2. Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could, be shared, and seek their agreement, unless it is unsafe or inappropriate to do so;
  3. Seek advice from other practitioners if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible;
  4. Where possible, share information with consent, and where possible, respect the wishes of those who do not consent to having their information shared. Under the UK GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful basis to do so, such as where safety may be at risk. You will need to base your judgement on the facts of the case. When you are sharing or requesting personal information from someone, be clear of the basis upon which you are doing so. Where you do not have consent, be mindful that an individual might not expect information to be shared;
  5. Consider safety and well-being: base your information-sharing decisions on considerations of the safety and well-being of the individual and others who may be affected by their actions;
  6. Necessary, proportionate, relevant, adequate, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely;
  7. Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.

Whenever personal information is shared with another Agency, it should always be recorded.

If personal data is shared without the consent of the data subject or when there was no legal basis for the sharing, the Agency will carry out an investigation into the circumstances.

Breaches of confidentiality will be taken seriously and may result in action being taken for example a review of approval for foster carers or disciplinary action for staff.

Last Updated: February 16, 2022

v5