Getting it right for every child (GIRFEC) Practice Guidance 4 - Information sharing

This guidance aims to clarify the circumstances in which information can be shared with another agency, the considerations that need to be taken into account to ensure sharing information with another agency is appropriate, and the importance of involving children, young people and families.

2. Introduction

With the United Nations Convention on the Rights of the Child (UNCRC) (see glossary) as its foundation, Getting it right for every child (GIRFEC) provides Scotland with a consistent framework and shared language for promoting, supporting, and safeguarding the wellbeing of children and young people. GIRFEC is based on evidence, is internationally recognised and is an example of a child rights-based approach. It is locally embedded and positively embraced by practitioners across children’s services, changing culture, systems and practice for the benefit of children, young people and their families. However more needs to be achieved as we work towards Keeping The Promise to respect, protect and fulfil the rights of all children in Scotland.

Scotland must … ensure that the right information is shared at the right time and that those close to children are heard. The starting point for any decision must be how to best protect relationships that are important to children.

The Promise, the report of the Independent Care Review

Sharing relevant information at the right time is an essential part of promoting, supporting and safeguarding the wellbeing of children and young people, including protecting them from neglect or physical, mental or emotional harm. The Plan 21-24 is the first of three Plans providing Scotland with a clear outline of the priorities and actions required to Keep the Promise by 2030. Within this first set of priorities to be implemented by 2024, Scotland must be committed to ensure that:

“Organisations with responsibilities towards children and families will be confident about when, where, why and how to share information with partners. Information sharing will not be a barrier to supporting children and families.”

This guidance represents a significant milestone in delivering this.

This guidance is intended for practitioners and service leads in services that work with children, young people and families and focuses on information sharing. The Information Commissioner’s Office (ICO) provide detailed guidance on all aspects of data protection compliance for all sectors, including the Data sharing: a code of practice as well as Data sharing and children.

Processing of personal data (see glossary) by law enforcement organisations for specific law enforcement purposes (e.g. the Police investigating a crime) is outside the scope of this guidance.

When this guidance refers to information or data, it refers to personal information about living, identifiable people. This guidance promotes lawful, fair and proportionate information sharing that complies with all relevant legal requirements, by clarifying

  • The circumstances in which information can be shared with another organisation;
  • The considerations that need to be taken into account to ensure sharing information with another organisation is appropriate; and
  • The importance of involving children, young people and families in the decision to share information with another organisation.

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 provide a framework to ensure that personal information is processed appropriately. Throughout this document, UK GDPR and DPA are referred to together as data protection legislation. Duties of confidentiality, the European Convention on Human Rights (ECHR) and UNCRC also apply to sharing information.

Data protection legislation enables fair and proportionate data sharing. It does not prevent or limit information sharing that is necessary and proportionate for the purpose of protecting children and young people from neglect or physical, mental or emotional harm.

These laws provide a framework in which information sharing can be carried out fairly and transparently, in a manner which respects the rights of the individuals concerned.

To support practitioners to work within and apply the law on information sharing, organisations should ensure that they have policies, procedures and guidance that provide the framework for lawful data processing, supported by accessible training, advice and supervision. This might include a data sharing agreement. Data sharing agreements set out the purpose of the data sharing, cover what happens to the data at each stage, set standards and help all parties involved in sharing to be clear about their roles and responsibilities. The ICO provide guidance on data sharing agreements (Data sharing agreements).

The information governance arrangements may vary between organisations depending on the nature and size and the types of personal data they are processing. For some organisations there may be a legal requirement to appoint a Data Protection Officer but for others this may not be the case. No matter who is sharing the data, robust policies and procedures should be in place. Organisations may benefit from joining a network or umbrella group that can provide support with information management processes and training. The ICO provide tools and guidance at Data sharing information hub.

Practitioners are not expected to have the same level of knowledge as data protection officers or information governance leads, but should understand when and how it is appropriate to share information, and when they may need to seek further advice. In these situations, membership of wider networks may be especially valuable for smaller organisations.

This guidance is not intended to cover all routine information sharing (e.g. names, addresses, provided by schools to the local authority). Processes for these should be established in information sharing agreements (see Data sharing: a code of practice).



Back to top