Information Sharing December 2014

Conwy and Denbighshire Local Service Board Betsi Cadwaladr University Local Health Board Community & Voluntary Support Conwy Community Housing Cymru (Cartrefi Conwy currently representing other registered social landlords) Conwy County Borough Council Denbighshire County Council Denbighshire Voluntary Service Council Grŵp Llandrillo Menai Natural Resource Wales North Wales Fire & Rescue North Wales Police Public Health Wales Snowdonia National Park Authority Welsh Government

Why is information sharing so important? Baby P Lord Laming report (Victoria Climbie / Sohame) Report identified 5 positive outcomes: Be healthy Stay safe Enjoy and achieve Make a positive contribution Achieve economic well-being

How can this be achieved? Practitioners need to work together Intervene earlier Have the tools to enable them to do this Lawful Information sharing is one important tool This toolkit has been developed to enable partners to achieve this

Information Sharing… Importance of inter-agency information sharing Lord Laming report in the Baby P case – almost all serious case reviews conclude the child has been ‘let down’ by a failure to share information. Professor Munro Review of Child Protection – A Child Centered System, now advocating that a one size fits all approach is not the way forward. Local innovation and inter agency working, with less systems not more!

Munro Report & Central Government Response: “ “Effective information sharing between agencies is essential if children and young people are to receive the help they need.” Central Government agrees with Professor Munro that information which could help to protect children is not always appropriately shared between key professionals and agencies. Decisions about what information to share, and when to share it, can require difficult and complex judgments. Having additional data and IT systems does not always make these decisions easier.

Welsh Government Sharing Personal Information (SPI) programme. Welsh Accord on Sharing Personal Information (WASPI) Framework Scottish Accord on Sharing Personal Information (SASPI) Framework

Wales Accord on the Sharing of Personal Information (WASPI)

What Is WASPI? A framework for organisations to share personal identifiable information between them, in a lawful and intelligent way It is for the routine, agreed and regular sharing of personal information, for a specified purpose and for the benefit of individuals – not for ad-hoc requests It is not for intra-organisational sharing or for the sharing of aggregated, de-personalised or anonymised information Provides a practical approach to working together

Who is WASPI for? For organisations involved in the protection, safety, health, education and social welfare of the people in Wales This includes statutory, private and voluntary sector organisations A Practical Approach to Information Sharing

WASPI and SPI How Does WASPI Link Into The Welsh Government’s Sharing Personal Information programme? Key element of the Sharing Personal Information Sharing Programme (SPI) The ‘single’ information sharing framework for Wales

Benefits of WASPI What are the Benefits Of Using WASPI? Provides Service Users with an improved service Encourages safe, secure and relevant information sharing Helps to overcome legal complexities and misunderstandings Provides compliance with the Information Commissioner’s Data Sharing Code of Practice and other recognised standards Helps promote the need for regular sharing between public service organisations Helps guide Practitioners and staff around the information they can and cannot share – provides confidence ‘Once for Wales’ – reduces duplication of effort

WASPI Has your organisation signed up to the Accord? By signing the Accord, you will have agreed to: Work to a common approach for the sharing of personal information with other public and voluntary sector organisations; Develop supporting local Information Sharing Protocols (ISP) using the WASPI template and guidance; Raise staff awareness regarding the organisation’s responsibilities. The latest version of the WASPI guidance and supporting documentation, can be accessed at

WASPI What Is An Information Sharing Protocol (ISP)? An ISP documents the: processes for sharing personal information specific purposes served people it impacts upon relevant legislative powers information that is to be shared and with whom consent process involved operational procedures process for review

Plus posters containing key messages from the guidance, an updated set of training materials and a set of ‘How To…’ guides. Information Sharing Guidance: Products

Information Sharing Core presentation Mar 2009 Formal endorsements

What is Information Sharing? Systematic routine personal information sharing between organisations that is shared for an established purpose. OR 2. Exceptional, one off decisions to share data for any range of purposes.

Powers to share for Public Authorities Is there an express legal power to share? These are referred to as ‘gateways’ and are usually very specific. If not, is there an implied legal power to share? Often the legislation regulating a public body’s activities is silent on the issue of data sharing. Is the sharing reasonably incidental to the express power permitting the activity? The question to ask is do I have the power to share? SEE GATEWAY TABLE IN THE TOOLKIT

Human Rights Act and Right to have Privacy Respected Must be Human Rights compliant Article 8 is NOT an absolute right it is ‘The right to respect for his private and family life, his home and his correspondence’ This is especially relevant to sharing personal data As it is not an absolute right, public authorities are permitted to interfere with it, if it is lawful and proportionate to do so

Data Protection Act 1998 The DPA is NOT a barrier to sharing information - it is a framework for appropriate sharing. The disclosure must comply with the DPA Schedules 2 and 3 of the Act apply Are the conditions for processing (e.g. sharing) satisfied? Personal data – schedule 2 Sensitive personal data – schedule 2 and 3 DPA exemptions allowing disclosure

ICO Data Sharing Code of Practice Factors to consider: What is the sharing meant to achieve? What information needs to be shared? Who requires access to the shared personal data? When should it be shared? How should it be shared? How can we check the sharing is achieving its objectives? What risk does the data sharing pose? Could the objective be achieved without sharing the data or by anonymising it? Will I need to update my notification?

Systematic Data Sharing Data Sharing Checklist – Systematic Data Sharing Scenario: You want to enter into an agreement to share personal data on an ongoing basis Is the sharing justified? Key points to consider: What is the sharing meant to achieve? Have you assessed the potential benefits and risks to individuals and/or society of sharing or not sharing? Is the sharing proportionate to the issue you are addressing? Could the objective be achieved without sharing personal data?

Systematic Data Sharing Do you have the Power to Share? Key points to consider: The type of organisation you work for Any relevant functions or powers of your organisation The nature of the information you have been asked to share (for example was it given in confidence?) Any legal obligation to share information (for example a statutory requirement or a court order)

Systematic Data Sharing If you Decide to Share Data – It is good practice to have a data sharing agreement in place. Speak to your WASPI Facilitator In addition to considering the key points above, your data sharing agreement should cover the following issues: What information needs to be shared The organisations that will be involved What you need to tell people about the data sharing and how you will communicate that information Measures to ensure adequate security is in place to protect the data What arrangements need to be in place to provide individuals with access to their personal data if they request it Agreed common retention periods for the data Processes to ensure secure deletion takes place

Data Sharing – One Off Requests Scenario: You are asked to share personal data relating to an individual in ‘one off’ circumstances. Is the sharing justified? Key points to consider: Do you think you should share the information? Have you assessed the potential benefits and risks to individuals and/or society of sharing or not sharing? Do you have concerns that an individual is at risk of serious harm? Do you need to consider an exemption in the DPA to share?

One Off Requests Do you have the power to share? Key points to consider: The type of organisation you work for Any relevant functions or powers of your organisation. The nature of the information you have been asked to share (for example was it given in confidence?) Any legal obligation to share information (for example a statutory requirement or a court order)

One Off Requests If you Decide to Share Key points to consider: What information do you need to share? Only share what is necessary Distinguish fact from opinion How should the information be shared? Information must be shared securely Ensure you are giving information to the right person Consider whether it is appropriate/safe to inform the individual that you have shared their information

One Off Requests Recording your Decision Record your data sharing decision and your reasoning – whether or not you shared the information If you share information you should record: What information was shared and for what purpose Who it was shared with When it was shared Your justification for sharing Whether the information was shared with or without consent.

One Off Requests “ An Information Sharing Protocol is not a useful tool for managing the ad hoc information sharing which all practitioners find necessary. Most importantly it is not intended to be a substitute for professional judgment which an experienced practitioner will use in those cases and should not be used to replace that judgement” Information Commissioners Officer

Thank you for listening Quiz Quiz Case Studies Case Studies Any questions? Any questions?