Information Sharing and Confidentiality

Safeguarding people from harm and abuse often requires information sharing between services and organisations.

Sharing information enables professionals to fully understand and assess the risk to the person and make informed decisions about what action needs to be taken. Not sharing information in such circumstances can leave the person at risk of abuse and/or harm.

Understanding the legislation

UK General Data Protection Regulation (UK GDPR)

UK GDPR was part of a Europe wide package of reform to the data protection landscape that includes the Data Protection Act 2018.

UK GDPR sets out requirements for how organisations need to handle personal data, enhancing the rights of people whose data is held. It is designed to strengthen the protection of personal information, in response to technological and societal changes that have taken place over recent years, and extend the rights and controls individuals have over their data.

UK GDPR guidance and resources contains lots of useful information and can be found on the Information Commissioner's Office website.

The Data Protection Act 2018

Everyone responsible for using personal data has to follow strict rules called 'data protection principles'. They must make sure the information is:

used fairly, lawfully and transparently
used for specified, explicit purposes
used in a way that is adequate, relevant and limited to only what is necessary
accurate and , where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information such as race, ethnic background, political opinions, religious beliefs, trade union membership, genetics, biometrics, health, sex life or orientation.

Human Rights Act 1998

The Human Rights Act 1998 sets out the fundamental rights and freedoms that everyone in the UK is entitled to. It incorporates the rights set out in the European Convention on Human Rights (ECHR) into domestic British law.

Article 2 and 3 place an obligation on public authorities to protect people's rights to life and their freedom from torture, inhumane and degrading treatment.

Article 8 is Respect for your private and family life, home and correspondence.

Meeting these obligations may require these rights to be balanced against each other. Information should be shared with consent wherever possible, but some situations where people are at risk of abuse or neglect, may necessitate lawful information sharing without consent.

Seven Golden Rules for Information Sharing

1. GDPR is not a barrier

Remember that data protection and regulation law is not intended as a barrier to info sharing – it helps us to share the right information, in the right way, for the right reasons. Never put management or organisation interests before the safety of others. The principle of confidentiality is not absolute, especially when it is to safeguard adults or children.

2. Be open and honest

Right from the start, be clear with the people we support (and/or their families where needed) what we hold, why we might share it, who might need to know. Try and get informed consent from the beginning where possible.

3. Seek advice

If in doubt, ask! Have confidence in checking with others. Talk to your safeguarding lead, or line manager. You do not have to disclose personal or identifying information to get someone else’s view, even if you talk to the police or the local authority.

4. Share with consent wherever possible

But respect the wish of those who do not consent. It is their right as an adult, where they have the mental capacity to make that decision. However, you may still decide to share the information without consent, where you can evidence that the need is:

in the public interest (e.g. other adults at risk, staff are implicated)
the adult, or someone else, is at very serious risk of harm
a serious crime has been committed
you suspect coercion or duress is involved in their decision
the person lacks the mental capacity to make the decision

5. Always consider the safety and well-being

What is the risk of not sharing the information? What will be the impact of sharing / not sharing – on the person, on anyone else involved.

6. Necessary, proportionate, relevant, accurate, timely and secure.

Check these key words. Is it the right information for the purpose? Is it being shared in the right format, with the right people? Is it accurate and up to date? Are you sharing promptly enough for the purpose intended? Think “need-to-know”.

7. Keep a record

Be clear what you have shared or chosen not to share. Why have you shared the information? Evidence how you came to that decision, and who you shared what with.

Adapted from SCIE Safeguarding Adults information sharing

Information sharing flowchart

Adapted from HM Government Information Sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers.

Reporting Concerns

Report any safeguarding concerns to the Adult Social Care Contact Team via the online portal or by telephone 0161 206 0604.

If there are concerns that a child or adult may be at risk of serious or significant harm, then follow the relevant procedures without delay. Seek advice if you are not sure what to do at any stage and ensure that the outcome of the discussion is recorded.

Outline description of flowchart

Title: Flowchart of key questions for information sharing

Top of chart begins with: You are asked to or wish to share information
Is there a clear and legitimate purpose for sharing information?

If no, do not share and record the information sharing decision and your reasons, in line with your agency’s or local procedures.
If not sure, seek advice
If yes, move to the next step

Do you have consent to share?

If yes you can share:
- Sharing information:
  - Identify how much information to share.
  - Distinguish fact from opinion.
  - Ensure that you are giving the right information to the right person.
  - Ensure you are sharing the information securely.
  - Inform the person that the information has been shared if they were not aware of this and it would not create or increase risk of harm.
- Then record the information sharing decision and your reasons, in line with your agency’s or local procedures.
If not sure, seek advice
If no, move to the next step

Does the information enable an individual to be identified?

If no, you can share.
- Sharing information:
  - Identify how much information to share.
  - Distinguish fact from opinion.
  - Ensure that you are giving the right information to the right person.
  - Ensure you are sharing the information securely.
  - Inform the person that the information has been shared if they were not aware of this and it would not create or increase risk of harm.
- Then record the information sharing decision and your reasons, in line with your agency’s or local procedures.
If not sure, seek advice
If yes move to the next step

Have you identified a lawful reason to share information without consent?

If yes you can share.
- Sharing information:
  - Identify how much information to share.
  - Distinguish fact from opinion.
  - Ensure that you are giving the right information to the right person.
  - Ensure you are sharing the information securely.
  - Inform the person that the information has been shared if they were not aware of this and it would not create or increase risk of harm.
- Then record the information sharing decision and your reasons, in line with your agency’s or local procedures.
If not sure, seek advice
If no, do not share and record the information sharing decision and your reasons, in line with your agency’s or local procedures.

Useful links and resources

7 Minute Briefing - Information Sharing

SCIE Information Sharing

Latest news

Details of all the latest news from Salford Safeguarding Adults Board.

See all the latest news