07.2 Confidentiality, recording and sharing information

Most things that happen between the family, the child and the setting are confidential to the setting. In certain circumstances information is shared, for example, a child protection concern will be shared with other professionals including social care or the police, and settings will give information to children’s social workers who undertake S17 or S47 investigations. Normally parents should give informed consent before information is shared, but in some instances, such as if this may place a child at risk, or a serious offence may have been committed, parental consent should not be sought before information is shared. Local Safeguarding Partners (LSP) procedures should be followed when making referrals, and advice sought if there is a lack of clarity about whether or not parental consent is needed before making a referral due to safeguarding concerns.

· Staff discuss children’s general progress and well-being together in meetings, but more sensitive information is restricted to designated persons and key persons and shared with other staff on a need-to-know basis.

· Members of staff do not discuss children with staff who are not involved in the child’s care, nor with other parents or anyone else outside of the organisation, unless in a formal and lawful way.

· Discussions with other professionals should take place within a professional framework, not on an informal basis. Staff should expect that information shared with other professionals will be shared in some form with parent/carers and other professionals, unless there is a formalised agreement to the contrary, i.e. if a referral is made to children’s social care, the identity of the referring agency and some of the details of the referral is likely to be shared with the parent/carer by children’s social care.

· It is important that members of staff explain to parents that sometimes it is necessary to write things down in their child’s file and explain the reasons why.

· When recording general information, staff should ensure that records are dated correctly and the time is included where necessary, and signed.

· Welfare/child protection concerns are recorded on a Safeguarding report form.. Information is clear and unambiguous (fact, not opinion), although it may include the practitioner’s thoughts on the impact on the child.

· Records are non-judgemental and do not reflect any biased or discriminatory attitude.

· Not everything needs to be recorded, but significant events, discussions and telephone conversations must be recorded at the time that they take place.

· Recording should be proportionate and necessary.

· When deciding what is relevant, the things that cause concern are recorded as well as action taken to deal with the concern. The appropriate recording format is filed within the child’s file.

·  Information shared with other agencies is done in line with these procedures.

· Where a decision is made to share information (or not), reasons are recorded.

· Staff may use a computer to type reports, or letters. Where this is the case, the typed document is deleted from the computer and only the hard copy is kept.

· The setting is registered with the Information Commissioner’s Office (ICO). Staff are expected to follow guidelines issued by the ICO, at https://ico.org.uk/for-organisations/guidance-index/ 

· Additional guidance in relation to information sharing about adults is given by the Social Care Institute for Excellence, at www.scie.org.uk/safeguarding/adults/practice/sharing-information

· Staff should follow guidance including Working Together to Safeguard Children (DfE 2018); Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers 2018 and What to do if you’re Worried a Child is Being Abused (HMG 2015)

Confidentiality definition

• Personal information of a private or sensitive nature, which is not already lawfully in the public domain or readily available from another public source, and has been shared in a relationship, where the person giving the information could reasonably expect it would not be shared with others.

· Staff can be said to have a ‘confidential relationship’ with families. Some families share information about themselves readily; members of staff need to check whether parents regard this information as confidential or not.

· Parents sometimes share information about themselves with other parents as well as staff; the setting cannot be held responsible if information is shared beyond those parents whom the person has confided in.

· Information shared between parents in a group is usually bound by a shared agreement that the information is confidential and not discussed outside. The setting manager is not responsible should that confidentiality be breached by participants.

· Where third parties share information about an individual; staff need to check if it is confidential, both in terms of the party sharing the information and of the person whom the information concerns.

· Information shared is confidential to the setting.

· Educators ensure that parents/carers understand that information given confidentially will be shared appropriately within the setting (for instance with a designated person, during supervision) and should not agree to withhold information from the designated person or their line manager.

Breach of confidentiality

· A breach of confidentiality occurs when confidential information is not authorised by the person who provided it, or to whom it relates, without lawful reason to share.

· The impact is that it may put the person in danger, cause embarrassment or pain.

· It is not a breach of confidentiality if information was provided on the basis that it would be shared with relevant people or organisations with lawful reason, such as to safeguard an individual at risk or in the public interest, or where there was consent to the sharing.

· Procedure 07.1 Children’s records and data protection must be followed.

Exception

· GDPR enables information to be shared lawfully within a legal framework. The Data Protection Act 2018 balances the right of the person about whom the data is stored with the possible need to share information about them.

· The Data Protection Act 2018 contains “safeguarding of children and individuals at risk” as a processing condition enabling “special category personal data” to be processed and to be shared. This allows educators to share without consent if it is not possible to gain consent, if consent cannot reasonably be gained, or if gaining consent would place a child at risk.

· Confidential information may be shared without authorisation - either from the person who provided it or to whom it relates, if it is in the public interest and it is not possible or reasonable to gain consent or if gaining consent would place a child or other person at risk. The Data Protection Act 2018 enables data to be shared to safeguard children and individuals at risk. Information may be shared to prevent a crime from being committed or to prevent harm to a child, Information can be shared without consent in the public interest if it is necessary to protect someone from harm, prevent or detect a crime, apprehend an offender, comply with a Court order or other legal obligation or in certain other circumstances where there is sufficient public interest.

· Sharing confidential information without consent is done only in circumstances where consideration is given to balancing the needs of the individual with the need to share information about them.

· When deciding if public interest should override a duty of confidence, consider the following:

· is the intended disclosure appropriate to the relevant aim?

· what is the vulnerability of those at risk?

· is there another equally effective means of achieving the same aim?

· is sharing necessary to prevent/detect crime and uphold the rights and freedoms of others?

· is the disclosure necessary to protect other vulnerable people?

The decision to share information should not be made as an individual, but with the backing of the designated person who can provide support, and sometimes ensure protection, through appropriate structures and procedures.

Obtaining consent

Consent to share information is not always needed. However, it remains best practice to engage with people to try to get their agreement to share where it is appropriate and safe to do so.

Using consent as the lawful basis to store information is only valid if the person is fully informed and competent to give consent and they have given consent of their own free will, and without coercion from others, Individuals have the right to withdraw consent at any time.

You should not seek consent to disclose personal information in circumstances where:

someone has been hurt and information needs to be shared quickly to help them

obtaining consent would put someone at risk of increased harm

obtaining consent would prejudice a criminal investigation or prevent a person being questioned or caught for a crime they may have committed

the information must be disclosed regardless of whether consent is given, for example if a Court order or other legal obligation requires disclosure

NB. The serious crimes indicated are those that may harm a child or adult; reporting confidential information about crimes such as theft or benefit fraud are not in this remit.

· Settings are not obliged to report suspected benefit fraud or tax evasion committed by clients, however, they are obliged to tell the truth if asked by an investigator.

· Parents who confide that they are working while claiming should be informed of this and should be encouraged to check their entitlements to benefits, as they it may be beneficial to them to declare earnings and not put themselves at risk of prosecution.

Consent

· Parents share information about themselves and their families. They have a right to know that any information they share will be regarded as confidential as outlined in the Privacy notice. They should also be informed about the circumstances, and reasons for the setting being under obligation to share information.

· Parents are advised that their informed consent will be sought in most cases, as well as the circumstances when consent may not be sought, or their refusal to give consent overridden.

· Where there are concerns about whether or not to gain parental consent before sharing information, for example when making a Channel or Prevent referral the setting manager must inform their line manager for clarification before speaking to parents

· Consent must be informed - that is the person giving consent needs to understand why information will be shared, what will be shared, who will see information, the purpose of sharing it and the implications for them of sharing that information.

Separated parents

· Consent to share need only be sought from one parent. Where parents are separated, this would normally be the parent with whom the child resides.

· Where there is a dispute, this needs to be considered carefully.

· Where the child is looked after, the local authority, as ‘corporate parent’ may also need to be consulted before information is shared.

 

 

Age for giving consent

· A child may have the capacity to understand why information is being shared and the implications. For most children under the age of eight years in a nursery or out of school childcare context, consent to share is sought from the parent, or from a person who has parental responsibility.

· Young persons (16-19 years) are capable of informed consent. Some children from age 13 onwards may have capacity to consent in some situations. Where they are deemed not to have capacity, then someone with parental responsibility must consent. If the child is capable and gives consent, this may override the parent’s wish not to give consent.

· Adults at risk due to safeguarding concerns must be deemed capable of giving or withholding consent to share information about them. In this case ‘mental capacity’ is defined in terms of the Mental Capacity Act 2005 Code of Practice (Office of the Public Guardian 2007). It is rare that this will apply in the context of the setting.

Ways in which consent to share information can occur

· Policies and procedures set out the responsibility of the setting regarding gaining consent to share information, and when it may not be sought or overridden.

· Information in leaflets to parents, or other leaflets about the provision, including privacy notices.

· Consent forms signed at registration (for example to apply sun cream).

· Notes on confidentiality included on every form the parent signs.

· Parent signatures on forms giving consent to share information about additional needs, or to pass on child development summaries to the next provider/school.

Further guidance

Working Together to Safeguard Children (DfE 2018) www.gov.uk/government/publications/working-together-to-safeguard-children--2

Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers (HMG 2018) www.gov.uk/government/publications/safeguarding-practitioners-information-sharing-advice

What to do if you’re Worried a Child is Being Abused (HMG 2015) www.gov.uk/government/publications/what-to-do-if-youre-worried-a-child-is-being-abused--2

Mental Capacity Act 2005 Code of Practice (Office of the Public Guardian 2007) www.gov.uk/government/publications/mental-capacity-act-code-of-practice