Bernadette Malone – Chief Executive Perth and Kinross Council and Chair of GIRFEC National Implementation Working Group Alan Small -Information Sharing Lead Scottish Government GIRFEC Team Information Sharing

Every child should be Safe Healthy Achieving Nurtured Active Respected Responsible Included Named Person Support, Promote or Safeguard wellbeing Early Intervention Managing Concern Named Person becomes single point of contact

Information sharing must be – appropriate, proportionate, justified with reasons recorded practitioners need to reach a judgment about each specific child Information should be shared when a child’s wellbeing is at risk - to prevent concerns escalating - to ensure efficient and effective action when they do Consent is not a prerequisite to sharing information– it is good practice but should not be sought if you are relying on legal provisions to share

Getting data sharing right for every child David Freeland, Senior Policy Officer Information Commissioner’s Office #ICOScotland

Data Protection Principles Processed fairly and lawfully; Obtained only for one or more specified lawful purposes; Personal information must be…

Identify the organisation in control of processing The purpose, or purposes, for processing Any other information necessary, in the specific circumstances, to enable the processing to be fair Fair – privacy notices

Lawful – conditions for processing Personal data: Consent Contract Legal obligation Vital interests Administration of justice Public function in the public interest Legitimate interests of the data controller and third party but not prejudicial to individual Sensitive personal data: Explicit consent Employment law Vital interests Not-for-profit TU/religious/ political/philosophical groups Already in public domain Legal proceedings/advice Administration of justice Functions conferred by enactment Anti-fraud activity Medical purposes Equal opportunities monitoring Substantial public interest

Data Protection Principles Processed fairly and lawfully; Obtained only for one or more specified lawful purposes; Adequate, relevant and not excessive; Accurate and, where necessary, kept up to date; Kept for no longer than is necessary; Processed in accordance with individuals’ rights; Subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing, or the accidental loss, destruction, or damage to, personal data; Only transferred to a country or territory outside the EEA where adequate levels of protection for the rights and freedoms of individuals in relation to the processing of personal data can be ensured. Personal information must be…

Sharing personal data ReciprocalRegular EmergencyExceptional

Sharing personal information? What is the sharing meant to achieve? What is your legal basis for sharing? Should a data sharing agreement be in place? Will the sharing involve any transfers outside the EEA? Does your notification need to be updated? What information needs to be shared? When and how should sharing take place? Who requires access to the shared data? Are current fair processing notices adequate? How do you check objectives are being achieved? Factors to consider:

Data Sharing Code of Practice ICO is required by law to produce Approved by Secretary of State and UK Parliament Provides ‘good practice’ advice Not following Code is not necessarily a DPA breach Admissible in court proceedings

Data sharing agreements Structure Purpose of sharing Legal basis for sharing Partner organisations & points of contact Data to be shared Access & individuals’ rights Information governance arrangements: Datasets; accuracy; compatibility; retention and deletion; security; SARs; reviews; termination; appendices (glossary, templates, diagrams/decision trees)

ICO Statement Misconception that the Act prevents sharing so fear of non-compliance becomes a barrier The Act promotes lawful and proportionate information sharing A risk to wellbeing can be a strong indication that the child or young person could be at risk of harm if the immediate matter is not addressed Where a practitioner believes, in their professional opinion, that there is risk to a child or young person that may lead to harm, proportionate sharing of information is unlikely to constitute a breach of the Act Consent can be difficult and it should only be sought when the individual has real choice over the matter

ICO Statement The Act provides conditions to allow sharing of such information: functions of a public nature exercised in the public interest (Sch2) and functions conferred under an enactment (Sch3) Appropriate and relevant protocols conveyed to practitioners to provide a support mechanism for the decision making process The practitioner should use experience, professional instinct and all available information before they decide whether or not to share The Data Protection Act should not be viewed as a barrier to appropriate and proportionate sharing!

Keep in touch Scotland Office: 45 Melville Street Edinburgh EH3 7HL T: E: Subscribe to our e-newsletter at or find us #icoscotland /iconews

Information Sharing in Practice Getting it Right in Perth and Kinross Ross Drummond Child Protection Inter-Agency Coordinator 29 January 2014

Learning from Research & Scrutiny

Information Sharing Where are we now? “More work is now needed by chief officers and senior managers…… to remove barriers to helpful information- sharing when addressing early concerns”. (Care Inspectorate May 2013)

ICO Letter – Impact on Practice

Challenges & Feedback Misconceptions & Interpretations Child Protection v GIRFEC Thresholds Defining Wellbeing Consent Changing the Culture of Practice Single Agency Perspectives Size – Keeping it Real

Information Sharing Guide Published by Perth & Kinross CPC Focus on Wellbeing/GIRFEC/Keeping Safe Information Sharing/Confidentiality and Consent Presented as a Practitioner Q&A Published as a PDF/OnLine Toolkit Includes Electronic Links/Downloads Supported by ICO and GIRFEC Team

Opportunities – What Next? Implementation and Roll Out Practitioner Buy-In Embedding into Practice Promoting Children’s Rights Respecting Parental Rights Children and Young People (Scotland) Bill Developing the Guide and Toolkit Information Sharing Protocols

OnLine Practitioner’s Toolkit P&K OnLine Practitioner’s Toolkit Information Sharing, Confidentiality & Consent Confidentiality-and-Consent-in-Child-Protection--- Practitioners-Toolkit Tel:

Children and Young People (Scotland) Bill Wellbeing defined – SHANARRI – outcomes Rights Duties for integrated planning and individuals Named Person for every child Information Sharing Duties Single Planning Process

Questions?