The Adult Support And Protection (Scotland) Act 2007 part 1: guidance for adult protection committees

Procedures, practice and information sharing

APC Terms of Reference

24. The Act allows APCs to regulate their own procedures. To enable APCs to meet their statutory duties, the committees should address those functions set out in section 42 of the Act, namely:

• reviewing adult protection procedure and practice;
• providing information and advice and making proposals;
• improving skills and knowledge; and
• all in the context of improving cooperation and communication between agencies.

These will need to be reflected terms of reference for the APC and any sub committees.

25. Since the implementation of the Act and the establishment of APCs a range of other developments in relation to the wider public protection agenda have achieved wider prominence and required multi-agency responses. The duty on councils to inquire into whether someone should be regarded as at risk of harm identifies many people who cannot be so regarded but who are nevertheless regarded as people in distress and who may require supports from a range of agencies. APCs should therefore ensure in such cases local procedures expect that people are offered or signposted to suitable services and to consider preventative options to avoid an adult's situation escalating to a point where they are or are likely to be at risk of harm.

26. In these and other areas APCs have become the man strategic forum in which these matters can be discussed. In doing so this reflects the interconnections between many aspects of public protection, and many of these will form agenda items on Chief Officer Groups.

27. Local Terms of Reference may therefore go beyond the statutory requirements of the Act, or allow APCs to address some matters not fully falling within the terms of the Act, if so approved by the APC.

Multi-agency procedures

28. APCs are required to keep under review the procedures and practices of the public bodies which relate to the safeguarding of adults at risk, and in particular any such procedures and practices which involve co-operation between the council and other public bodies. They will therefore have to ensure that procedures and practices as they relate to the named public bodies are both multi-agency and multi-disciplinary. These should address

• referral and initial response;
• inquiry including an investigatory stage if required;
• assessment and risk assessment;
• adult protection conferences and protection planning;
• risk and protection planning monitoring; and
• risk and protection plan review.

29. Inquiries under the Act can range from the relatively straightforward to highly complex and therefore require different levels of engagement. However local procedures should identify indicative timescales for completion of identified tasks.

Single agency procedures

30. Good practice will dictate that APCs should also monitor practice and quality relating to the protection of adults across agencies. Many agencies will have their own internal procedures, audit and monitoring systems. Where relevant to the responsibilities of the APC such procedures and systems should be advised to the committee.

Information sharing

31. Given the importance of co-operation and information sharing it is important for local agencies and APCs to participate fully in the promotion of a culture of information sharing where adults may require protection, whilst recognising human rights issues with respect to data protection and confidentiality. This will involve agency and APC activity both in individual cases, and in relation to sharing information on practice issues and performance. APCs will also want to consider the relationship between the statutory agencies and other service providers and to promote the adoption by service providers of the same practices in information sharing and co-operative working as are required of statutory agencies.

32. Existing legislation, including the UK General Data Protection Regulation - UK GDPR and the Data Protection Act 2018 does not prevent sharing and/or exchanging relevant information where there is belief or concern about the protection of adults at risk. In addition, an individual is lawfully able to share confidential information where disclosure is necessary to protect the individual or another third party in order to facilitate a 'public task'. This extends to all practitioners working with adults who may be at risk of harm, and also extends to participation in multi-agency audits. The Act provides a legal gateway for information sharing. Wherever possible, the adult who may be at risk should be informed of the sharing of the information and the reasons why. The information sharing must be necessary (i.e. proportionate and targeted) for the purpose of carrying out the task.

Where information contains special categories of personal data, having firstly identified a lawful basis for processing data , an additional condition (under Article 9 (2) of UK GDPR) must also be met in order to share data lawfully. Special Category data includes: Racial or ethnic origin; Political opinions; Religious or philosophical beliefs; Trade Union Membership; Genetic data; Biometric data (when used for ID purposes); Health (physical or mental); and, Sexual life or orientation. In the context of special category data, an individual should consider Article 9(2) UK GDPR together with paragraph 6 of Schedule 1 of the Data Protection Act 2018. These conditions do not replace or override the usual lawful basis for processing, they act as an additional layer of conditions on top of the usual rules. The Act specifically allows fordisclosure of information with or without consent where a person knows or believes an adult is at risk of harm. This information should be shared only with those who need to know, be proportionate to the harm it will prevent, and be relevant to the concern. Each case should be considered individually.

Many partnerships have circulated letters, signed by the Chief Officers, to staff of the main relevant public bodies locally (i.e. the Council, the Health Board and Police Scotland) affirming the position stated above, and advising their staff that their own agency will support them if they have shared personal information in these circumstances using their professional judgement. All partnerships should consider circulating such letters to their staff, confirming this position and the expectation as outlined in the section of the Code.