Risk assessment and interventions for victims of domestic abuse: consultation response analysis

Question 6: Information Sharing Protocols

What protocols need to be put in place to ensure effective information sharing between agencies?

The sixth question in this consultation asked:

What protocols need to be put in place to ensure effective information sharing between agencies?

Responses to this question addressed a number of areas, each of which will be addressed in turn:

1. What the outcomes of the information sharing protocols should be

2. Who responsibility for the protocols should lie with

3. Key characteristics that the protocols should have

4. Key content that the protocols should cover

5. Principles that should govern what information is shared

6. Other comments

1. What the outcomes of the information sharing protocols should be

Many respondents made proposals for what they felt that the outcomes of the Information Sharing Protocols (ISPs) should be. One comment suggested that these should be explicitly stated within the Protocols themselves.

Trust and confidence for victims

Several respondents felt that improving the trust and confidence that victims have in the multi-agency response to domestic abuse should be a key outcome of the ISPs. Some respondents noted that this is currently a significant concern for victims involved in the process, and may contribute to higher attrition rates. In particular, it was thought that victims should understand how their information is being shared, feel that they have control over this, and be assured that their information is being shared safely and in line with the principles outlined below (point 5).

‘Any information sharing must be done in a way which protects the dignity of women and children who are seen as being at high-risk through someone else’s behaviour and who already have little control over their own lives and have no say in whether their information is discussed within these forums. Through our participation in multi-agency forums we have experience of information which is not relevant being shared, off these forums being used to challenge the veracity of what women are reporting because of agencies previous experiences with women.’

– Fife Women’s Aid

Trust and confidence between partners

Equally, many respondents felt that ISPs should also increase mutual trust and confidence between partners involved in the multi-agency work. An ISP could help assure them that information is being shared safely, in a consistent manner and in line with General Data Protection Regulations (GDPR), and that it will be used for the purpose intended. One respondent suggested that it is important for staff to feel that any decisions to share information will be fully supported by their organisation.

Safety

Responses highlighted a need to ensure that information sharing promotes victim safety. Ensuring that information is shared in the first place when the victim’s safety could be compromised by not doing so, and ensuring that information sharing does not put the victim at increased risk, were both considered important.

Consistency

Respondents highlighted a need for consistency in information sharing across Scotland, noting that inconsistency could lead to increased risk, particularly in the case of perpetrators moving between different areas.

Minimised barriers

A key outcome of ISPs should be reduced barriers to information sharing, according to responses. In particular, it was noted that there are ongoing difficulties with information sharing between third sector partners and the Police (or other statutory organisations).

Lawfulness

Respondents were keen that ISPs help ensure that information sharing is always conducted in a lawful manner. Partners should be clear about the lawful basis on which information is shared in each instance.

2. Who responsibility for the protocols should lie with

It was suggested that responsibility for Information Sharing Protocols should lie with the steering or governance groups overseeing this multi-agency work.

3. Key characteristics that the protocols should have

National

Several responses endorsed the production of national Information Sharing Protocols, to promote consistent information sharing throughout Scotland.

Local

While the benefits of national protocols were highlighted, other responses also suggested that ISPs should be local, or that both national and local protocols are required. The Information Commissioner’s Office recommended that Scottish Government produce a ‘high-level national data sharing protocol’, informed by a Data Protection Impact Assessment, which could ‘provide a framework for more detailed local data sharing arrangements’.

Up-to-date

Respondents suggested that ISPs should be regularly reviewed and updated.

Signed up to by all partners

Several respondents suggested that ISPs should be signed off, perhaps annually, by all partners involved in the multi-agency work. One comment proposed that they should be supported by the head of each organisation.

Aligned with service protocols

One response proposed ensuring that ISPs are aligned with service protocols.

Human rights compliant

It was also proposed that ISPs should be compliant with human rights.

4. Key content that the protocols should cover

Consent

Respondents suggested that the protocols should cover how to obtain consent to share personal information, as well as appropriate procedures for when an individual has not consented to their data being shared. Indeed, it was also proposed that there may be some instances in which it may in fact put the victim at greater risk to seek consent. One respondent, however, felt that personal data should only be shared when written consent has been given.

Source of information

Some respondents suggested that the source of any information that is shared, handled or stored should be recorded.

Storage

Responses recommended that ISPs address the safe storage of information, including secure IT and email systems.

Sharing both within and outside meetings

Several responses suggested that ISPs should set out how information can be safely shared both within and outside of multi-agency meetings. It was felt that there are significant benefits of being able to share information outside or ahead of meetings – either to take more immediate action to protect high-risk victims’ safety, or to intervene before a case reaches the risk threshold for full multi-agency intervention.

Sharing between statutory and third sector organisations

As noted above, respondents highlighted existing issues with sharing information between statutory/public and third sector organisations, and suggested that protocols should address this. The ICO noted that whether a given agency is a public body or a third or private sector body might impact on the lawful basis or the lawfulness of certain types of data sharing.

Roles of all partners

Respondents advised that ISPs set out the role that all multi-agency partners should play in information sharing. It was suggested that Police, healthcare staff, social services and specialist domestic abuse workers should all conduct relevant background checks on the individuals involved. One response suggested that not only should all partners be signatories to the ISP, but that they should also sign a confidentiality agreement at each meeting they attend. It was noted that the ISPs should also set out the procedure for partners to withdraw.

Complaints and breaches

It was proposed that ISPs should address what to do in the event of complaints or breaches related to information sharing.

GDPR

Many respondents felt that it would be helpful for ISPs to set out specific guidelines on compliance with the General Data Protection Regulations, particularly to allay concerns around the rights of perpetrators and to ensure that GDPR does not create barriers to effective information sharing.^[3]

Links to Adult and Child Protection procedures

It was suggested that ISPs for multi-agency working in response to domestic abuse should link to protocols established for Child and Adult Protection procedures.

Disclosure of LGBT identity

Responses suggested that ISPs include specific guidelines around disclosure of LGBT identity. It was noted that while in some cases it may be relevant and necessary to share information pertaining to a victim’s sexual orientation or gender identity, this should as far as possible be done with the victim’s full understanding and consent.

LGBT Youth Scotland specifically highlighted legal obligations around disclosure of transgender identities:

‘Professionals are often unaware of the duty placed on them under the Gender Recognition Act 2004 not to disclose the transgender identity of service users without explicit consent, and most are not aware that to do so can constitute a criminal act. It is therefore essential that this information is included in any guidance produced. In addition, it should be made clear that outing an LGBT person without consent is bad practice, and could be discriminatory under the Equality Act 2010.’

– LGBT Youth Scotland

However, Stonewall Scotland added that:

‘While this offence [under Section 22 of the Gender Recognition Act 2004] does not apply where the disclosure is for the purpose of preventing or investigating crime, there is uncertainty as to whether this would extend to safeguarding issues, such as protecting individuals at risk of harm from domestic abuse. Guidance should make practitioners should be aware of this legislation and their responsibilities under it.’

– Stonewall Scotland

Prioritising victim protection over perpetrator confidentiality

Several responses suggested that ISPs should address concerns about sharing perpetrator’s personal information without their consent, and the legal basis on which this might be done in order to promote the safety of the victim.

Documentation

It was suggested that ISPs also cover the use of any particular documentation required as a part of the information sharing process.

5. Principles that should govern what information is shared

Duty to prevent harm

As with risk assessments, it was suggested that ISPs should be grounded in a duty to prevent harm.

Focused on risk

Relatedly, responses proposed that all information shared should be focused on risk.

Relevance

Several respondents argued that it is important that only information which is relevant for safeguarding victims of domestic abuse be shared – but equally, that all information deemed relevant be shared to help ensure that the response is as effective as possible.

Proportionate

Equally, respondents also felt that it was important that the information shared be proportionate:

‘Proportionate information sharing is the key to a successful MARAC, facilitating effective safety planning while protecting the rights of the individual.’

– Scottish Borders Council

Robust governance

It was additionally suggested that the information shared as part of multi-agency working in this area should be robustly governed.

6. Other comments

Importance of ISPs

Several respondents emphasised the how important they felt it was that ISPs are established, and how useful they thought they would be in facilitating successful multi-agency working in this area. One response highlighted a previous example of a domestic abuse case in which missed opportunities for information sharing were found to have contributed to a homicide.

Central reporting system

Some respondents suggested that a central, national database or reporting system to facilitate information sharing between agencies be established. One response suggested that relevant information from multi-agency risk assessment conferences be recorded on NHS systems so that it is available to staff working with that person.

Data Protection Impact Assessment

It was recommended that Scottish Government conduct a Data Protection Impact Assessment on any future policy proposals relating to multi-agency working for victims of domestic abuse, and that relevant agencies also conduct these on local arrangements.

Consultation with ICO

The Information Commissioner’s Office recommended that:

‘If the Scottish Government produces any statutory guidance relating to the sharing of personal data within the MARAC scheme, it must consult the ICO during the development of that guidance. All guidance relating to data-sharing should ultimately be made compliant with the forthcoming ICO Code of Practice on Data Sharing.’

– Information Commissioner’s Office