Report a concern

If you are the safeguarding lead for your organisation, please ensure that you disseminate and implement this guidance throughout your organisation:

  • Ensure staff are made aware of the guidance via briefings / internal communications
  • Make the guidance available via your intranet with a link across to this page
  • Update in-house policies and procedures to reflect this guidance
  • Update in-house training to reflect this guidance
  • Take steps to assure yourself that this guidance is being followed appropriately in practice

__________________________________________________________

Foreword 

Sharing the right information at the right time with the right people, is fundamental to good safeguarding practice. Good information sharing enables practitioners and agencies to work together effectively, in the interests of supporting people within our communities to be safe and to feel safe. 

Too often however, people and organisations feel they cannot share information. Out of fear of doing the wrong thing, sometimes information that could make a real difference to someone’s safety is not passed on. This is why we have developed this policy. We recognise that to support practitioners to make decisions about these important and sometimes difficult areas of practice, we need to provide clear guidance. 

It is the Care Act 2014, Data Protection Act 2018 and General Data Protection Regulation that provide our legal framework for sharing information between different agencies and organisations. The first step to good information sharing, is to recognise that laws and regulations are not barriers to working together, but rather they provide a framework to ensure that information is shared appropriately, and in a way that protects citizen rights. 

We have sought to explain the Acts and these Regulations in relation to key issues in safeguarding adults, which we hope practitioners will find helpful in supporting their day-to-day practice. However, if you remain unsure if you can share information please seek additional advice from managers and information sharing leads within your organisation. Richard Jones CBE, Independent Chair Leeds Safeguarding Adults Board

1. Scope of this policy

This Policy applies to all member organisations of the Safeguarding Adults Board and all non-member organisations that might need to share information to safeguard adults at risk. 

It provides guidance in relation to three important areas of safeguarding work: 

  1. Sharing concerns about a person at risk of abuse and neglect 
  2. Sharing information about a person in a position of trust 
  3. Sharing information for the purposes of a Safeguarding Adults Reviews 
  4. Sharing information for quality assurance purposes 

This guidance cannot contain all the provisions of the Data Protection Act 2018 and the General Data Protection Regulations, which should be consulted for further information as required. Organisations should also work within the context of their own information sharing policies and seek advice from their information sharing leads as required in relation to individual cases.

2. What kinds of information is covered by this policy?

Safeguarding someone from abuse or neglect will involve agencies working together. This will require agencies to share information about people with other agencies. This will often include both ‘personal’ and ‘special category’ data. 

Personal data relates to a living individual who can be identified from the data, or from the data in combination with other information which is at the disposal of other individuals or is in the public domain. 

Personal data includes obvious identifiers such as names, addresses, dates of birth, as well as NHS or National Insurance numbers. Facial photographs and CCTV footage are also regarded as personal data, as are descriptions or photographic records of unique scars, tattoos or other markings. 

Where information is fully anonymised, or is otherwise non-identifiable or wholly statistical in nature it is not personal data. 

Special category data relates to race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); physical or mental health (including disabilities); sex life and / or sexual orientation. Although not part of the GDPR definition of Special Category Data, information relating to the commission or alleged commission of any offence; and criminal proceedings, should be regarded as equally sensitive. 

Information relevant to safeguarding will often concern someone’s physical or mental impairment or illness, this information is special category data. 

The nature of this policy involves information sharing to protect adults with care and support needs, and the legal basis for this will include either:

  • Consent 
  • Substantial public interest 
  • Public Tasks / Legitimate tasks – in the context of public interest concerns; and 
  • Legal obligation 

As such, in this context, the policy will apply equally to both the sharing of personal data and special category data.

3. Key messages for safeguarding practice
  1. Frontline staff and volunteers should always report safeguarding concerns in line with their organisation’s policy – this will usually be to their line manager in the first instance except in emergency situations.                                                                                                                                                                                             
  2. Within organisations, practitioners do not need consent to share information with relevant managers and colleagues; this is part of providing a safe and appropriate service. Confidentiality should not be confused with secrecy. Information provided to practitioners in the course of their role can be shared without consent with relevant managers and colleagues.                                                                                                                                                                                                 
  3.  Adults have a right to independence, choice and self-determination including control over information about themselves. In the context of safeguarding adults however, actions sometimes need to be taken in the absence of consent in certain circumstances.                                                                                                                                 
  4. You should seek consent where possible before sharing information with different organisations. It is important to be open and honest with the person whose information you want to share from the outset about why, what, how and with whom information will, or could, be shared, and seek their agreement unless to do so places someone at risk or is not practicable.                                                                                                                                                               
  5. Individuals may not give their consent to the sharing of information with other organisations for a number of reasons. For example, they may fear losing control, they may not trust a particular agency or they may fear that their relationship with the person posing a risk will be damaged. Explanation, reassurance and appropriate support may help the person to change their view on whether it is best to share the information.                                                                                                                                                                        
  6. If a person requests that information about them is not shared with other safeguarding partners, their wishes should be respected. However, there are a number of circumstances where the practitioner can reasonably override such a decision, including where:
  • the person lacks the mental capacity to make that decision – this must be properly explored and recorded in line with the Mental Capacity Act; and decisions made in the person’s best interests o other people are, or may be, at risk, including children; o sharing the information could prevent a crime; 
  • the person posing a risk has care and support needs and may also be at risk; 
  • the person has the mental capacity to make that decision but they may be under duress or being coerced; o a court order or other legal authority has requested the information, and/or 
  • it is a proportionate response to take actions to assess risk and enable the person to have the opportunity to receive support in relation to those risks.                                                                                                                       
  1. In such situations, if the person declines to give their informed consent, then unless it would place someone at risk or is not practicable, it should be explained to them that the information will need to be shared without their consent. The reasons for this should be explained and recorded. The safeguarding principle of proportionality should underpin decisions about sharing information without consent, and decisions should be on a case-by-case basis.                                                                                                                                                                                           
  2. If the decision is not to share safeguarding information with other safeguarding partners, you should support the person to weigh up the risks and benefits of different outcomes, ensure they are aware of the level of risk and possible outcomes, regularly review the situation and try to build trust to enable the person to better protect themselves.                                                                                                                                                   
  3. Every instance of sharing a person’s data must be justified. This means that the information which must be shared, and the reason for sharing it, must be clearly defined and scrutinised.                                                                                                                                                   
  4. Do not share personal data unless it is absolutely necessary. Where it is necessary, only share the minimum necessary to achieve the required aims.                                                                                                                                                                                       
  5. Access to personal data should be on a strict need-to-know basis.                                                                                                                               
  6. Ensure all information that is shared is accurate and timely. Where disclosing data about an individual, clearly state whether the data being supplied is fact, opinion, or a combination of the two                                                                                                                                                                                                    
  7. Ensure information is shared in a manner that is secure.
4. Sharing information to safeguard an adult(s) with care and support needs from abuse and neglect

This guidance will be relevant to: 

  • Liaising with other organisations regarding concerns about possible abuse or neglect 
  • Raising a safeguarding concern with the local authority 
  • Undertaking enquiries and taking actions within the multi-agency policy and procedures 

More specifically, it includes sharing information for the purpose of: 

  • Establishing the grounds for a safeguarding adult enquiry 
  • Planning, initiating and conducting a safeguarding adults enquiry 
  • Establishing the potential need for involvement of partner organisations in adult safeguarding work (enquiry, prosecution or protection arrangements). 
  • Undertaking actions within a safeguarding enquiry 
  • Making a referral to a partner organisation for immediate action to protect an adult. 
  • Making a referral to organisations for the purpose of requesting or amending services to persons at risk of abuse or neglect. 
  • Notifying service providers of a risk posed by a service user. 
  • Making a referral to the Disclosure and Barring Service (“DBS”) or to provide information to the DBS for the purposes of them coming to a barring decision. 
  • Making a referral, or to provide information, to a professional regulator for the purposes of them coming to a decision. 
  • Notifying the Care Quality Commission to enable them to consider the need to take action relating to a source of risk that concerns a registered care provider. 
  • Notifying the Charity Commission to enable them to consider the need to take action relating to a source of risk that concerns a registered charity. 
  • To inform the development of multi-agency policies and strategies for protecting adults at risk of abuse. 
  • To monitor and review safeguarding adult concerns and the impact of adult safeguarding policies and procedures 

It is important to note that sharing information about a person experiencing or at risk of abuse, will also involve sharing information about the source of this risk. This might be an individual, an employee or volunteer or an organisation for example. Sharing relevant information about the person at risk and the source of that risk are both covered by the guidance in this section (Section 4). 

You can share relevant information for these purposes, if you can answer yes to each of the following four questions:

4.1 Question 1: Do I have the power to share the information?

You have the power to share this information if, 

  • The person at risk has consented to the information being shared, or 
  • Sharing the information is in the ‘substantial public interest’
4.1.1 Sharing information with consent

The general principle is that the person’s explicit consent should be sought to share information about them. If a person is reluctant for information to be shared, it is important to try and understand the person’s reasons for this, so that their concerns can be addressed. 

It is often helpful to: 

  • Explore the reasons for the person’s objections – what are they worried about? Seek to understand any personal or cultural barriers to seeking support. 
  • Explain the concern and the risks and why you think it is important to share the information 
  • Tell the person who you would like to share the information with and why 
  • Explain the benefits, to them or others, of sharing information – could they access better help and support? • Discuss the consequences of not sharing the information – could someone come to harm? 
  • Reassure them that the information will not be shared with anyone who does not need to know 
  • Reassure them that they are not alone and that support is available to them. Do not assume that people know and understand what support is available, how it is provided, or how to access it.

 Key features of giving consent include: 

  • The consent to share information must be for a specific reason and purpose 
  • Consent must provide individuals with real choice and control. It must be freely given, specific and informed. 

It can sometimes be difficult for an organisation to show that consent is freely given because of the imbalance of power between it and the individual. This is  because those who depend on the organisation’s services might feel they have no choice but to agree, so consent is not considered freely given. 

Example: Consent not freely given 

A patient attending hospital discloses that they are being abused by a care home worker, but they do not want the hospital to do anything. The hospital worker explains that because the concerns involve a care home worker, they need to raise a safeguarding concern with the local authority, even if the patient does not wish for this to happen. The individual therefore consents, but does so knowing that the actions will be taken even if they do not consent. In effect they had no real choice but to agree. 

For these reasons, it will not always be possible to rely on consent as a lawful basis for sharing information. In the example above, the hospital would need to consider if their lawful basis for sharing the information actually results from a ‘substantial public interest’ as set out in 4.1.3. 

However, organisations may be able to rely on consent as a basis for sharing where they are convinced they can demonstrate that it is freely given. Consent must be given by a clear affirmative act. Clear records must be kept to demonstrate, and evidence, consent. Individuals should also be told about their right to withdraw consent at any time. 

It is very important to remember that difficulties relying on consent as a legal basis for sharing information does not mean that consent should not be sought. The question of consent as a lawful basis for sharing information is distinct from the obligations practitioners hold to adults to seek their consent to share information. 

The obligation to seek consent arises out of good safeguarding practice and the Caldicott principles. Where consent has been given, in certain circumstances, as explained above, you will be able to rely on it as a lawful basis for sharing information under the GDPR and Data Protection Act 2018.

4.1.2 Capacity and consent

The Mental Capacity Act 2005 states that mental capacity to consent must be assumed unless it is assessed as otherwise. An adult who is either assumed to have mental capacity or assessed to have capacity is therefore able to consent to sharing information about the risk they experience. 

Mental capacity assessments are decision-specific. Furthermore, a person who lacks capacity at a certain time may be able to make that decision at a later date. Where it is assessed that an individual lacks capacity to consent to sharing data at a particular time, consideration should be given to whether the data needs to be shared now, or could wait until a time when the person is able to consent. 

If the individual does not have the mental capacity to consent there should be consideration as to whether it is in the best interests of the person at risk, as determined in accordance with the Mental Capacity Act 2005, for this information to be shared. Staff or volunteers should record such decisions in-line with the policies and procedures of their organisation.

4.1.3 Sharing information in the substantial public interest

As set out above, the general principle is that consent should be sought from someone about the sharing of information about them. There are however, circumstances in which obtaining consent may not be possible, or it may not be relied upon. If this is the case, the following guidance should be followed to decide whether it is appropriate to share the information without the person’s consent. 

Firstly, sharing of the information should be in the substantial public interest, and necessary for the purposes of either: 

  • Protecting an individual from neglect or physical, mental or emotional harm; or 
  • Protecting the physical, mental or emotional wellbeing of an individual 

As the nature of safeguarding is to protect a person, or a group of people, from harm or the risk of harm it is likely that this criteria will be satisfied when information is being shared for the purposes of taking actions to safeguard someone. 

For this clause to apply however, there must be reasonable cause to suspect that the individual (or a group of individuals or a ‘type of individual’): 

  • has needs for care and support, 
  • is experiencing, or at risk of, neglect or physical, mental or emotional harm, and 
  • as a result of those needs is unable to protect himself or herself against the neglect or harm or the risk of it. 

Such information can only be shared without consent if one of the following criteria is met: 

  • Consent cannot be given, For example, the person is unable to consent due to intimidation or duress. 
  • Consent cannot reasonably be expected to be obtained, 

For example, the risks are such that action is needed urgently; it is not practicable in the circumstances; seeking consent may place someone at greater risk; or the nature of your relationship makes this inappropriate. 

  • Obtaining consent would prejudice the purposes of safeguarding, 

For example, the information needs to be shared to protect an individual from abuse or neglect; to protect others from harm; or to fulfil public interest duties such as will occur when there are safeguarding concerns involving a service, employee or volunteer 

Practitioners should refer to their own internal policies, their safeguarding and information sharing leads as required, for advice in relation to how this applies to individual cases. The Leeds Multi-Agency Safeguarding Adults Policy and Procedures also provides further practice guidance on raising a concern with the local authority, with and without consent. 

4.1.4 Sharing information about a person who is deceased

Guidance from the Information Commissioners Office confirms that the General Data Protection Regulations only apply to information which relates to an identifiable living individual. 

Information relating to a deceased person does not constitute personal data and is therefore not subject to General Data Protection Regulations. 

Whilst the provisions of GDPR/DPA 2018 do not apply to data in relation to deceased persons, consideration should still be given to whether the sharing of information is justified and necessary, accurate and up-to-date and can be shared securely as set out below.

4.2 Question 2: Is the Sharing Justified and Necessary?

Having established whether you have the power to share information, consider next if the sharing is justified and necessary. In practice this is often an extension of question one (4.1). Consider: 

  • Is there a clear purpose for sharing the information? 
  • Is the sharing a reasonable way to achieve that purpose? 

Information sharing will not be justified if you can reasonably achieve the same purpose without sharing the data. Being justified does not mean that the processing has to be absolutely essential. However, it must be more than just useful/standard practice. The easiest way to think about it is if the sharing is a targeted and proportionate way of achieving a specific purpose. 

  • Is the sharing fair, i.e. is sharing data something people would reasonably expect? 
  • Have I only shared the information that is necessary to share? You should always ensure you share no more information than is necessary to achieve your purpose.
4.3 Question 3: Is the Personal Data Accurate and Up-to-Date?

Thirdly, the information shared should be accurate so as to present a fair picture of circumstances and enable informed decision-making. In order to be accurate, it must also be up-to-date. Data entries should also be complete, or indicate where information is missing.

4.4 Question 4: Can I Share the Personal Data securely?

Finally, can you physically share the information securely? Information should be shared according to organisational policies and local arrangements. However, guidance on how to share information securely is included in the Appendix.

4.5 Reluctance to share information

In the event that an organisation declines to share information considered necessary to enable the Safeguarding Adults Board to exercise its functions, the Board will consider whether to exercise its powers under Section 45 of the Care Act 2014. 

Section 45 of the Care Act 2014 states that if the Safeguarding Adults Board requests information from a body or person who is likely to have information, that body or person must share what they know with the Safeguarding Adults Board. The information requested must be for the purpose of enabling or assisting the Safeguarding Adults Board to perform its functions. 

This will be relevant when the Board undertakes Safeguarding Adults Reviews (See Section 6); however it may also be relevant where an organisation decides not to share pertinent information to enable necessary enquiries to be undertaken within the Leeds Safeguarding Adults Board’s Multi-Agency Safeguarding Adults Policy and Procedures. 

Requests for the Board to exercise its Section 45 powers, will usually be raised by organisations with the Chair of the Board via its Board member. Wherever practicable, the Chair of the Leeds Safeguarding Adults Board will seek the views of its relevant statutory members of the Safeguarding Adults Board, before reaching a decision. This may not always be possible however, for example, where a delay would place an individual at further risk.

5. Sharing information about a person in a position of trust

The Care Act 2014 recognises that safeguarding concerns are not always in relation to the safety and wellbeing of an individual or individuals, but rather they relate to the possible risk posed more widely by a person in a position of trust. 

Safeguarding Adults Boards are required to establish guidance for how organisations should respond to such concerns. This may involve informing other organisations about potential risks so that they can be assessed and appropriately managed to prevent abuse or neglect. As such this guidance on information sharing must be read alongside the LSAB Practice Guidance: People in Positions of Trust. 

You can share relevant information if you can answer yes to each of the following questions:

5.1 Question 1: Do I have the power to share information

Public bodies or organisations commissioned by them should be considered to be undertaking a public task as a lawful basis for sharing information. Other agencies not fulfilling public tasks should consider relying on legitimate interests as a lawful basis for sharing information.

5.1.1 Public Tasks

Public tasks are relevant to public authorities and organisations commissioned by public authorities. Public tasks are those tasks that involve processing information that is necessary for you to perform a task in the public interest or for your official functions and the task or function has a clear basis in law. 

In other words, if your organisation is a public body or commissioned by one, and as part of this role you have a responsibility to safeguard adults with care and support needs from abuse, then you may consider relying on fulfilling a public tasks as a legal basis for sharing information about a person in a position of trust. 

In fulfilling a public task there is a need to consider when the right to privacy of a person in a position of trust, is outweighed by the rights of safety of others. As such, there must be due consideration of Article 8 of the Human Rights Act (the right to private and family life). 

Article 8 – Right to respect for private and family life 

  1. Everyone has the right to respect for his private and family life, his home and his correspondence. 
  2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
5.1.2 Legitimate interests

If you are not a public authority or commissioned by a public authority, you should consider relying on legitimate interests as your lawful basis for sharing information about a person in position of trust. 

This may be relevant where sharing the information is necessary: 

  • for the public authority’s legitimate interests or 
  • the legitimate interests of a third party, unless there is an overriding reason to protect the individuals personal data. 

You can rely on this provision as the basis for sharing information if the legitimate interest in sharing the data (i.e. the safety of others) outweighs the person in a position of trust’s interest in maintaining their privacy.

5.2 Question 2: Is it justified and necessary

Regardless of whether public tasks or legitimate interests are used as the legal basis in law, the judgement to be made is the same. In deciding whether sharing the information is justified and necessary a professional judgement will be required based upon balancing the safety and needs of those potentially at risk, with the rights of the employee/volunteer or student as described below: 

  • A fair balance must be struck between the rights of the person in a position of trust to privacy and the interests of those at risk of abuse and neglect. This requires a careful assessment of the severity and consequences of the interference in the life of a person in a position of trust and the risk posed to others. 
  • The risks to adults with care and support needs must be sufficient to justify interfering with the person in a position of trusts’ right to privacy. The consideration is therefore one of proportionality - there should be a need for the disclosure in order to protect adults with care and support needs. 

Ask yourself: Is the sharing of this information fair, i.e. is sharing this information something people would reasonably expect you to do in these circumstances? 

  • If it is reasonably believed that the sharing of information will achieve the aim of preventing abuse or neglect, there should be no more interference in the person’s right to privacy than is necessary to achieve this aim.

Ask yourself: Am I only sharing information that is necessary to share? You should always ensure you share no more information than is necessary to achieve your purpose. 

It will be important to record your judgement, your reasons for sharing or not sharing the information, the factors you have considered, and why you have given weight to some factors more than others. Please refer to the LSAB Practice Guidance: People in Positions of Trust, which includes a recording template that can be used where helpful, to assist with and record such decision making.

5.2.1 Consent & involvement of the person in a position of trust

Unless wholly impractical, before disclosing information to another employer, volunteer manager or student body, there is a need to consult with the person in a position of trust whose information is to be shared. This will give them the opportunity to respond to the concerns and make representation on the need to share the information.

Whilst it is important to work with the person in a position of trust and seek their agreement to share information wherever possible, consent however will not always be considered a lawful basis to share information in such situations. 

Consent must be freely given, specific and informed and the imbalance of power in such situations may mean that it cannot always be relied upon. In such cases, decisions will need to be proportionate to the concern as set out in Section 5.2 above. This does not preclude however in any way, the responsibility to consult with the person in the position of trust unless it is wholly impracticable to do so or may place someone at risk.

5.3 Question 3: Is the Personal Data Accurate and Up-to-Date

Thirdly, the information shared should be accurate so as to present a fair picture of circumstances and enable informed decision-making. In order to be accurate, it must also be up-to-date. Data entries should also be complete, or indicate where information is missing.

5.4 Question 4: Can I Share the Personal Data securely?

Finally, can you physically share the information securely? Information should be shared according to organisational policies and local arrangements. However, guidance on how to share information securely is included in the Appendix.

6. Sharing information for a Safeguarding Adults Review

The requirement for Safeguarding Adults Boards to undertake Safeguarding Adults Reviews is set out in Section 44 of the Care Act. 

Their purposes is to ‘promote effective learning and improvement action to prevent future deaths or serious harm occurring again’. The aim is that lessons can be learned from the case and for those lessons to be applied to future cases to prevent similar harm re-occurring. 

If you have received a request for information to assist with a Safeguarding Adults Review, you can share relevant information if you can answer yes to each of the following questions:

6.1 Question 1: Do I have the power to share the information?

If you have been asked for information by a Safeguarding Adults Board (SAB), you have the power to share relevant information. Indeed there is a legal obligation on organisations to contribute to safeguarding adults reviews as set out in Section 44(5) and Section 45 of the Care Act: 

Section 44(5) states : Each member of the SAB must co-operate in and contribute to the carrying out of a review under this section with a view to— 

  • identifying the lessons to be learnt from the adult’s case, and 
  • applying those lessons to future cases. 

Section 45 states: If an SAB requests a person to supply information to it, or to some other person specified in the request, the person to whom the request is made must comply with the request if— 

  • the request is made for the purpose of enabling or assisting the SAB to exercise its functions. 
  • if that the request is made to a person whose functions or activities the SAB considers to be such that the person is likely to have information relevant to the exercise of a function by the SAB.
6.2 Question 2: Is the Sharing Justified and Necessary?

Although there is a legal obligation to share information for the purposes of a Safeguarding Adults Review, it is still appropriate to consider if the sharing of the particular information is justified and necessary for the purposes of the review. In practice however, this is often an extension of question one (Section 6.1).  Consider: 

  • Is there a clear purpose for sharing this information? 
  • Is the sharing of this information reasonable way to achieve that purpose? 
  • Is the sharing fair, i.e. is sharing data something people would reasonably expect? 
  • Have I only shared the information that is necessary to share? You should always ensure you share no more information than is necessary to achieve your purpose.
6.3 Question 3: Is the Personal Data Accurate and Up-to-Date?

Thirdly, the information shared should be accurate so as to present a fair picture of circumstances and enable informed decision-making. In order to be accurate, it must also be up-to-date. Data entries should also be complete, or indicate where information is missing.

6.4 Question 4: Can I Share the Personal Data securely?

Finally, can you physically share the information securely? Information should be shared according to organisational policies and local arrangements. However, guidance on how to share information securely is included in the Appendix.

7. Sharing information for quality assurance purposes

The objective of a Safeguarding Adults Board (SAB) is to help and protect adults in its area. The way in which an SAB must seek to achieve its objective is by coordinating and ensuring the effectiveness of what each of its members does. In this respect, the SAB may do anything which appears to it to be necessary or desirable for the purpose of achieving its objective. 

The ways in which the Board may seek assurance about the quality and effectiveness of safeguarding practice, processes and arrangements, and which involve sharing information are numerous and varied. The following examples are illustrative of the approaches that may be taken by the Board, and are not exhaustive: 

  • Analysing statistical trends in safeguarding performance data held by Board member organisations 
  • Seeking assurance about organisational safeguarding arrangements 
  • Analysing aspects of safeguarding practice through thematic, focussed case-file audits 
  • Undertaking surveys and questionnaires of adults who have used services and of members of staff 
  • Undertaking systems and compliance audits focussed on the relationship between standards, expectations and practice 
  • Undertaking focus groups and structured conversations with practitioners about individuals about practice or individuals at case level
7.1 Question 1: Do I have the power to share the information?

If you have been asked to share information by a Safeguarding Adults Board (SAB) for agreed and mandated quality assurance purposes, you have the power to share relevant information as set out in the Care Act 2014, sections 43 and 45.

Section 45 states: If an SAB requests a person to supply information to it, or to some other person specified in the request, the person to whom the request is made must comply with the request if— 

  • the request is made for the purpose of enabling or assisting the SAB to exercise its functions. 
  • if that the request is made to a person whose functions or activities the SAB considers to be such that the person is likely to have information relevant to the exercise of a function by the SAB.
7.2 Question 2: Is the Sharing Justified and Necessary?

The SAB will identify aspects of safeguarding about which it has a legitimate interest and requires more information to gain an assurance about the effectiveness of safeguarding arrangements. 

The SAB will only request information for quality assurance purposes where it is satisfied the information being requested is justified and necessary for the purposes of assuring itself of the effectiveness of what each of its members does to help and protect adults in its area (Section 43(2)(3)). Information requested may include statistical data, organisational knowledge and or information held about individuals at case level. 

Although there is a legal obligation to share information to enable the Board to seek assurance about the effectiveness of its safeguarding arrangements, each agency must also consider for itself, if the sharing of the particular information it actually holds, is justified and necessary for the purposes of the assurance being sought. 

Consider: 

  • Is the purpose for sharing information clear and mandated by the Board? 
  • Is the sharing of this information a reasonable way to achieve that purpose? 
  • Is the information sharing fair and proportionate to its purpose? i.e. is sharing data reasonable and is it what is needed? - Have I only shared the information that is necessary to share? You should always ensure you share no more information than is necessary to achieve your purpose.
7.3 Question 3: How will information shared be handled?

Information will be provided in accordance with Section 6.2. 

Information shared about individuals, for example for the purposes of a practice audit, will be restricted to people who need access to it and who will sign a confidentiality agreement. In the event that a practice audit identifies that someone is at risk, then any further information sharing regarding that individual, will be in accordance with Sections 4 or 5 of this policy. 

Reports produced by the SAB will not include identifiable information in respect of the person whose record has been accessed / reviewed or individual members of staff. LSAB reports will focus on thematic learning, development and improvement.

7.4 Question 4: Is any Personal Data Accurate and Up-to-Date?

The information shared should be accurate so as to present a fair picture of circumstances and enable informed decision-making. In order to be accurate, it must also be up-to-date. Data entries should also be complete, or indicate where information is missing.

7.5 Question 5: Can I Share the Personal Data securely?

Finally, can you physically share the information securely? Information should be shared according to organisational policies and local arrangements. However, guidance on how to share information securely is included in the Appendix.

Appendix: Sharing information safely and securely

Information should always be shared securely and in accordance with organisational policies and local arrangements. This guidance however should be used to inform practice: 

Information may be shared verbally, either face-to-face, e.g. in meetings, or on the telephone. 

Where information is shared verbally, it should be recorded accurately as soon as possible. Meetings should be recorded in minutes that are agreed by the attendees present. Care must be taken to record and denote information clearly as fact, statement or opinion and to attribute any statement or opinion to the owner. All information should be recorded in such a way that it can be used as evidence in court, should that be required at a later date. 

Information can be shared in written communications, (for example: forms, minutes, letters, statements or reports) transferred either through (1) an internal or external mail service; (2) an encrypted electronic digital media device; or (3) through a secure email system: 

  • All hard copy written communications containing confidential information should be transferred in a sealed envelope and addressed by name to the designated person within each organisation. The envelope should be clearly marked “Private & Confidential – to be opened by the recipient only”. 
  • When files are transferred on electronic digital media devices, the files should be encrypted to an appropriate standard, with decryption keys/passwords supplied separately. 
  • When confidential information is sent by email, it should be sent and received using secure email addresses, to ensure encryption of information in transit. If a secure email system is not used, the sender should ensure the email is encrypted and/or password protected. 

Always document the reasons for sharing, or not sharing, personal data, including: 

  • the reasons for sharing, or not sharing the personal data; 
  • who was it shared with; 
  • when was it shared; and 
  • what is the lawful basis for sharing. 

Your organisation will have its own means of, and policy for, recording data which should be followed.