3.1.3 Further Information to Inform Decision Making

Practitioners who are asked, or wish, to share information must use their professional judgment to decide whether to share or not and what information it is appropriate to share, unless there is a statutory duty or court order to share.

To inform your decision-making this section sets out further information illustrating the key principles underlying information sharing. This section explains these through seven key questions. They are:

  1. Is there a legitimate purpose for you or your agency to share the information?
  2. Does the information enable a person to be identified?
  3. Is the information confidential?
  4. If the information is confidential, do you have consent to share?
  5. If consent is refused, or there are good reasons not to seek consent to share confidential information, is there a sufficient public interest to share information?
  6. If the decision is to share, are you sharing the right information in the right way?
  7. Have you properly recorded your information sharing decision?

Is there a legitimate purpose for you or your agency to share the information?

If you are asked to or wish to share information about a child, you need to have a good reason or legitimate purpose to share information. This will be relevant to whether the sharing is lawful in a number of ways.

If you work for a statutory service such as education, social care, health or youth justice, or if you work in the private or voluntary sector and are contracted by one of the statutory agencies to provide services on their behalf, the sharing of information must be within the functions or powers of that statutory body. It is likely that this will be the case if you are sharing the information as a normal part of the job you do for that agency.

Whether you work for a statutory service or within the private or voluntary sector, any sharing of information must comply with the law relating to confidentiality, data protection and human rights.  Establishing a legitimate purpose for sharing information is an important part of meeting those requirements. There is more information about the legal framework for sharing information in the document 'Information Sharing: Further Guidance on Legal Issues'

Different agencies may have different standards for sharing information. You will need to be guided by your agency's policies and procedures, any local information sharing protocols, and - where applicable - by your professional code.

Where you have a statutory duty or a court order to share information

In some situations you are required by law to share information, for example, in the NHS where a person has a specific disease about which environmental health services must be notified. There will also be times when a court will make an order for certain information or case files to be brought before the court.

These situations are relatively unusual and where they apply you will know or be told about them. In such situations you must share the information, even if it is confidential and consent has not been given, unless in the case of a court order your organisation is prepared to challenge it and is likely to receive legal advice. Consent from the individual is not required in these situations and should not be sought because of the potential consequences of refusal. Wherever possible, subject to the considerations set out in 3.2, you should inform the individual concerned that you are sharing the information, why, and with whom.

Does the information enable a person to be identified?

In most cases the information covered by this guidance will be about an identified living individual. It may also identify others, such as a child, parent or carer. If the information is anonymised, it can lawfully be shared as long as the purpose is legitimate. If, however, the information does allow a person to be identified, it is personal information and is subject to data protection and other laws. Wherever possible, you must be open about what information you might need to share and why. In some situations it may not be appropriate to inform a person that information is being shared or seek consent to this sharing, for example if it is likely to hamper the prevention or investigation of a serious crime (i.e. a crime causing significant harm to a child or serious harm to an adult) or put a child in a situation of suffering or likely to suffer significant harm, or an adult at risk of serious harm.

Is the information confidential?

Confidential information is:

  • Personal information of a private or sensitive nature; and
  • Information that is not already lawfully in the public domain or readily available from another public source; and
  • Information that has been shared in circumstances where the person giving information could reasonably expect that it would not be shared with others.

This is a complex area and you should seek advice if you are unsure.

There are different types of circumstances that are relevant to confidentiality. One is where a formal confidential relationship exists, as between a doctor and patient, or between a social worker, counsellor or lawyer and their client. Here, it is generally accepted that information is provided in confidence. In these circumstances, all information provided by the individual needs to be treated as confidential. This is regardless of whether or not the information is directly relevant to the medical, social care or personal matter that is the main reason for the relationship.

Another circumstance is, for example, an informal conversation, where a pupil may tell a teacher a whole range of information but only asks the teacher to treat some specific information as confidential. In this circumstance, only the information specific to the pupil's request would be considered to be confidential.

There are also circumstances where information not generally regarded as confidential (such as name and address) may be provided in the expectation of confidentiality and therefore should be considered to be confidential information.

Sometimes people may not specifically ask you to keep information confidential when they discuss their own issues or pass on information about others but may assume that personal information will be treated as confidential. In these situations you should check with the individual whether the information is or is not confidential, the limits around confidentiality and under what circumstances information may or may not be shared with others.

Confidence is only breached where the sharing of confidential information is not authorised by the person who provided it or, if about another person, by the person to whom it relates. If the information was provided on the understanding that it would be shared with a limited range of people or for limited purposes, then sharing in accordance with that understanding will not be a breach of confidence. Similarly, there will not be a breach of confidence where there is explicit consent to the sharing.

Information about an individual or family is confidential to the agency as a whole, and not to individual practitioners. However, individual practitioners do have a responsibility to maintain the confidentiality of the information. They should only share confidential information with other practitioners in the same agency or team for genuine purposes, for example, to seek advice on a particular case or ensure cover for work while on leave. This should be explained clearly to the individual or family at the start of the involvement.

Public bodies that hold information of a private or sensitive nature about individuals for the purposes of carrying out their functions (for example Children's Social Care, Children's Health Services or adult mental health services) may also owe a duty of confidentiality, as people have provided information on the understanding that it will be used for those purposes. In some cases the agency may have a statutory obligation to maintain confidentiality, for example in relation to the case files of Looked After children.

If the information is confidential, do you have consent to share?

Consent issues can be complex, and lack of clarity about them can sometimes lead practitioners to incorrect assumptions that no information can be shared. This section gives further information to help you understand and address the issues. It covers:

  1. What constitutes consent;
  2. Whose consent should be sought;
  3. When consent should not be sought.

What constitutes consent?

Consent is defined in Article 4(11) of the UK GDPR as:

any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’.


This means that the person giving consent needs to understand why information needs to be shared, what will be shared, who will see their information, the purpose to which it will be put and the implications of sharing that information

Guidance from the Information Commissioner’s Office states:

‘Consent means giving people genuine choice and control over how you use their data. If the individual has no real choice - consent is not freely given and it will be invalid. This means people must be able to refuse consent without detriment, and must be able to withdraw consent easily at any time’.


Consent can be 'explicit' or 'implicit'. Obtaining explicit consent for information sharing is best practice and ideally should be obtained at the start of the involvement, when working with the individual or family to agree what support is required. It can be expressed either verbally or in writing, although written consent is preferable since that reduces the scope for subsequent dispute. Implicit consent can also be valid in many circumstances. Consent can legitimately be implied if the context is such that information sharing is intrinsic to the activity or service, and especially if that has been explained or agreed at the outset, for example when conducting an Early Help Assessment.

  
An example of implicit consent is where a GP refers a patient to a hospital specialist and the patient agrees to the referral; in this situation the GP can assume the patient has given implicit consent to share information with the hospital specialist. However, explicit consent would be required to share information outside the bounds of the original service or setting, for example, for a different type of referral.

In a multi-agency service, explicit consent for information sharing is usually obtained at the start of the involvement of the service and covers all the agencies within the service. This would provide implicit consent to share information within the multi-agency service but there would be a need to seek additional explicit consent for sharing with practitioners and agencies outside the service.

It is best practice to set out clearly your agency's policy on sharing information when the service is first accessed. You must provide privacy information to individuals at the time you first collect personal data from them. The approach to securing consent should be transparent and respect the individual.  For example, it is good practice to set out clearly your agency's policy on sharing information to children and families, when they first access the service.  Consent must not be secured through coercion, or inferred from a lack of response to a request for consent. If there is a significant change in the use to which the information will be put compared to that which has previously been explained, or a change in the relationship between the agency and the individual, consent should be sought again. Individuals have the right to withdraw consent at any time.

Whose consent should be sought?

You may also need to consider whose consent should be sought. Where there is a duty of confidence it is owed to a person who has provided the information on the understanding it is to be kept confidential. It is also owed to the person to whom the information relates, if different from the information provider. A child or young person who has the capacity to understand and make their own decisions may give (or refuse) consent to sharing.

Children have the same rights as adults over their personal data. These are set out in Chapter III and VIII of the UK GDPR.

Guidance from the Information Commissioner’s Office states:

A child may exercise the above rights on their own behalf as long as they are competent to do so. In Scotland, a person aged 12 or over is presumed to be of sufficient age and maturity to be able to exercise their data protection rights, unless the contrary is shown. This presumption does not apply in England and Wales or in Northern Ireland, where competence is assessed depending upon the level of understanding of the child, but it does indicate an approach that will be reasonable in many cases. A child should not be considered to be competent if it is evident that he or she is acting against their own best interests’.

When assessing a child's understanding you should explain the issues to the child in a way that is suitable for their age, language and likely understanding. Where applicable, you should use their preferred mode of communication.

The following criteria should be considered in assessing whether a particular child on a particular occasion has sufficient understanding to consent, or refuse consent, to sharing of information about them:

  • Can the child understand the question being asked of them?
  • Does the child have a reasonable understanding of:
  • What information might be shared?
  • The main reason or reasons for sharing the information?
  • The implications of sharing that information, and of not sharing it?
  • Can the child:
    • Appreciate and consider the alternative courses of action open to them?
    • Weigh up one aspect of the situation against another?
    • Express a clear personal view on the matter, as distinct from repeating what someone else thinks they should do?
    • Be reasonably consistent in their view on the matter, or are they constantly changing their mind?

In most cases, where a child cannot consent or where you have judged that they are not competent to consent, a person with Parental Responsibility should be asked to consent on behalf of the child. If a child is judged not to have the capacity to make decisions, their views should still be sought as far as possible.

Where parental consent is required, the consent of one such person is sufficient. In situations where family members are in conflict you will need to consider carefully whose consent should be sought. If the parents are separated, the consent of the parent with whom the child resides would usually be sought. If the child is subject to a Care Order, practitioners should liaise with the relevant local authority about questions of consent.

If you judge a child to be competent to give consent, then their consent or refusal to consent is the one to consider even if a parent or carer disagrees. Where parental consent is not required, you should encourage the young person to discuss the issue with their parents. However you should not withhold the service on condition that they do so.

These issues can raise difficult dilemmas. Wherever appropriate, you should try to work with all involved to reach an agreement or understanding of the information to be shared. You must always act in accordance with your professional code of practice where there is one and consider the safety and well-being of the child, even where that means overriding refusal to consent. You should seek advice from you manager or nominated safeguarding adviser if unsure.

When not to seek consent

There will be some circumstances where you should not seek consent from the individual or their family, or inform them that the information will be shared, for example where to do so would:

  • Place a child at increased risk of significant harm; or
  • Place an adult at risk of serious harm; or
  • Prejudice the prevention, detection or prosecution of a serious crime (i.e. a crime involving Significant Harm to a child or serious harm to an adult); or
  • Lead to unjustified delay in making enquiries about allegations of Significant Harm to a child or serious harm to an adult.

You should not seek consent where you are required by law to share information through a statutory duty or court order. In these situations, subject to the considerations set out in 13.2, you should inform the individual concerned that you are sharing the information, why, and with whom.

If consent is refused, or there are good reasons not to seek consent to share confidential information, is there a sufficient public interest to share information?

Eliciting the views of children and parents is important and represents good practice. However, even if consent is refused, that does not automatically preclude you from sharing confidential information.

A public interest can arise in a wide range of circumstances, for example to protect children from significant harm, protect adults from serious harm, promote the welfare of children or prevent crime and disorder. There are also public interests, which in some circumstances may weigh against sharing, including the public interest in maintaining public confidence in the confidentiality of certain services.

The key factors in deciding whether or not to share confidential information are necessity and proportionality, i.e. whether the proposed sharing is likely to make an effective contribution to preventing the risk and whether the public interest in sharing information overrides the interest in maintaining confidentiality. 

It is not possible to give guidance to cover every circumstance in which sharing of confidential information without consent will be justified.  It is possible however to identify some circumstances in which sharing confidential information without consent will normally be justified in the public interest.

These are:

  • When there is evidence that the child is suffering or is at risk of suffering significant harm; or
  • Where there is reasonable cause to believe that a child may be suffering or at risk of significant harm; or
  • To prevent significant harm arising to children or serious harm to adults, including through the prevention, detection and prosecution of serious crime, i.e. any crime which causes or is likely to cause significant harm to a child or serious harm to an adult.

Where there is a clear risk of significant harm to a child, the public interest test will almost certainly be satisfied.

There will be cases where sharing limited information without consent is justified to enable practitioners to reach an informed decision about whether further information should be shared or action should be taken. The information shared should be necessary for the purpose and proportionate.

In deciding whether the public interest justifies disclosing confidential information without consent, you should be able to seek advice from your line manager, a nominated individual whose role is to support you in these circumstances, and/or legal advice. If you are working in the NHS or Local Authority the Caldicott Guardian may be helpful (see Section 13.4, Caldicott Guardian). Advice can also be sought from professional bodies, for example the General Medical Council or the Royal College of Nursing.

If the concern is about possible abuse or neglect, all organisations working with children will have a named person who undertakes a lead role for safeguarding children, so consulting this person may also be helpful.

If you decide to share confidential information without consent, you should explain to the person that you intend to share the information and why, unless one of the points at 3.4 "when not to seek consent" is met.

If the decision is to share, are you sharing the right information in the right way?

If your decision is to share, you should share information in a proper and timely way. This means:

  • Share only the information which is necessary for the purpose for which it is being shared;
  • Understand the limits of any consent given, especially if the information has been provided by a third party;
  • Distinguish clearly between fact and opinion;
  • Share the information only with the person or people who need to know;
  • Check that the information is accurate and up-to-date;
  • Share it in a secure way;
  • Establish with the recipient whether they intend to pass it on to other people, and ensure they understand the limits of any consent which has been given;
  • Inform the person to whom the information relates, and, if different, any other person who provided the information, if you have not already and it is safe to do so.

Have you properly recorded your information sharing decision?

You should record your decision and the reasons for it whether or not you decide to share information. If the decision is to share, you should record what information was shared and with whom.

You should work within your agency's arrangements for recording information and within any local information sharing protocols in place.

This page is correct as printed on Sunday 19th of May 2024 06:11:53 AM please refer back to this website (http://seftonscp.procedures.org.uk) for updates.