Sharing information with the adult at risk | Leeds Safeguarding Adults Board

If you are the safeguarding lead for your organisation, please ensure that you disseminate and implement this guidance throughout your organisation:

Ensure staff are made aware of the guidance via briefings / internal communications
Make the guidance available via your intranet with a link across to this page
Update in-house policies and procedures to reflect this guidance
Update in-house training to reflect this guidance
Take steps to assure yourself that this guidance is being followed appropriately in practice

__________________________________________________________

7. Sharing personal and confidential information with the adult at risk about a person alleged to have caused harm

Care Act 2014, Section 42 Safeguarding Enquiries – Practice guidance:

A safeguarding coordinator or a person carrying out a safeguarding enquiry may, during the process become party to range of sensitive and confidential information regarding a person who is alleged to have caused harm. Whilst it is important to work with and alongside the adult at risk, the conducting of a safeguarding enquiry does not entitle the adult at risk to personal or confidential information about another person. Sharing such information must be in accordance with GDPR regulations to be lawful.

This guidance must be referred to whenever practitioners/services are considering sharing such information. It applies equally to information shared in conversation with the adult at risk, as well as that potentially shared within reports and meeting minutes.

Please note: Wherever the term adult at risk is used within this document, it should be read as being inclusive of a representative facilitating their involvement within a safeguarding enquiry.

Question 1: Do I have the power to share information?

Irrespective of whether the person causing harm is a member of staff, a volunteer, another service user or a member of the public, the general principle is that you must not share any personal or confidential information with the adult at risk, about the person alleged to have caused harm.

Section 42 of the Care Act states: The local authority must make (or cause to be made) whatever enquiries it thinks necessary to enable it to decide whether any action should be taken in the adult's case (whether under this Part or otherwise) and, if so, what and by whom.

The objectives of an enquiry are set out in Section 14.94 of the Care and Support Statutory guidance:

Establish facts
Ascertain the adult’s views and wishes
Assess the needs of the adult for protection
Support and redress and how they might be met
Protect from the abuse and neglect, in accordance with the wishes of the adult
Make decisions as to what follow-up action should be taken with regard to the person or organisation responsible for the abuse or neglect
Enable the adult to achieve resolution and recovery

As neither the Care Act 2014 or the Care and Support Statutory guidance above provides a justification for sharing personal and confidential information about another party, with the adult at risk, any such decisions would need to be made within GDPR regulations.

Question 2: Is the sharing justified and necessary?

GDPR would only provide for the sharing of personal or confidential information with the adult at risk where it justified and necessary to achieve a legitimate aim, a public task or a process required by law.

To be ‘justified and necessary’ it must be information that the adult needs to know in order to protect themselves from abuse and neglect. If it is not justified and necessary for this purpose, the information cannot be shared.

Illustrative examples:

Example One) If in a residential home, there are incidents of aggression towards one resident by another. As part of the Safeguarding Plan:

It might be justified and necessary for the adult at risk to know that the other party has a dementia diagnosis and that during periods of confusion and disorientation they can be aggressive. This may help the adult at risk to manage their interaction with them and to be safe.
It won’t be justified and necessary however, to share information about that person’s history, medication or treatment with the adult at risk. No more information should be shared than is necessary for the person to be safe.

Example Two) If a member of staff working with the individual at risk has been dismissed as a result their behaviour towards them, then as part of the Safeguarding Plan:

It might be legitimate for the adult at risk to know that the person has been dismissed and hence they will not be providing them with care or be someone they see again.
It won’t be justified and necessary to give details of current and past disciplinary proceedings, to provide other information such as relating to their mental health, or their personal life.

Example Three) If during an enquiry, you become aware of previous criminal conviction about the person alleged to have caused harm, this cannot be shared with the adult at risk unless:

Sharing of this specific information is justified and necessary as part of the Safeguarding Plan. That is, it is necessary for their safety. It is information they need to know to understand the seriousness of a risk and how to respond to that risk; or
The Information is a matter of public record – that is the information is easily and freely available to members of the public (e.g. in a newspaper or on the internet); or
The police have provided the information and given permission for the information to be shared.

No more information should be shared than is necessary to safeguard the individual at risk. This means that it is unlikely that full details of the conviction, its circumstances and who was involved will need to be shared. Similarly, information about unrelated convictions will not need to be shared.

Question 3: How should I manage confidential and sensitive information in minutes/reports

Confidential and sensitive information that cannot be shared will need to be redacted from enquiry reports and meeting minutes before sharing with the adult at risk.

Please note: Information that cannot be shared in writing, should not be shared verbally either.

Practical tips: When redacting reports:

First, consider each bit of information about the person alleged to have caused harm and ask oneself – Is it ‘justified and necessary’ to share information of this nature with the adult at risk for them to be safe from abuse or neglect. If it is not necessary for this purpose, it needs to be redacted.
Secondly, consider each bit of information that remains and ask yourself, is no more information being shared here, than is necessary to safeguard the adult at risk.
Lastly, with the information that remains, ask yourself - is this accurate, do I know this to be true? Be careful not to state issues as facts, if they are not.

Remember:

People are rarely anonymous in a report, even if their name is not used or if only initials are used. Most people reading the report, especially the adult at risk, will know who it concerns. Just removing the persons’ name but continuing to include sensitive and confidential information about them is likely to be a breach of their right to privacy.
Although the name of the individual is likely to be known by those expected to read the reports. There is always a risk that the report is shared inappropriately, and for these reasons neither their name nor their initials should be used. A single initial or a random letter could be used as an alternative.

Question 4: What if I am not sure what information I can or cannot share

Sharing information about another person without a lawful basis will be a breach of that individuals right to privacy. This guidance can only set out principles and give illustrative examples. It cannot take into consideration all the circumstances of a decision. As such if you have any doubt people about what information can or cannot be shared, you must gain advice from your line-manager, your information governance lead or your legal services before sharing the information.