Information Sharing and Confidentiality Guidance

For Safeguarding Adults and Children

1. Introduction

Effective information sharing is fundamental to safeguarding and promoting the welfare of children, young people, and adults with care and support needs. Reviews into serious incidents repeatedly highlight that failures to share information in a timely and appropriate manner can have severe, sometimes fatal, consequences. Data protection law is not a barrier to sharing information where it is necessary and proportionate to do so for safeguarding purposes.

This guidance sets out the principles, legal bases, and practical steps for information sharing across all agencies and practitioners working with children, young people, and adults in Suffolk. It is intended to support confident, lawful, and effective information sharing to prevent harm and promote wellbeing.

2. Why Information Sharing Matters in Safeguarding

Information sharing enables:

• Early identification of risk and need

• Effective assessment and intervention

• Prevention of harm, abuse, or neglect

• Coordination of multi-agency responses

• Identification of patterns of abuse or risk

• Support for individuals to access appropriate help

• Protection of others who may be at risk

Key message: If you have a safeguarding concern about a child, young person, or adult with care and support needs, you should not hesitate to share relevant information with appropriate partners.

3. Legal Framework for Information Sharing

3.1 Children’s Safeguarding

• Children Act 1989 & 2004: Places duties on agencies to safeguard and promote the welfare of children.

• Working Together to Safeguard Children (2023): Statutory guidance requiring proactive information sharing to identify, assess, and respond to risks.

• Section 11, Children Act 2004: Requires agencies to ensure their functions are discharged with regard to the need to safeguard and promote the welfare of children.

3.2 Adults’ Safeguarding

• Care Act 2014: Requires local authorities and partners to cooperate and share information to prevent and respond to abuse and neglect of adults with care and support needs.

• Care Act Statutory Guidance: Reinforces the need for timely information sharing and multi-agency working.

3.3 Data Protection and Confidentiality

• Data Protection Act 2018 & UK GDPR: Allow for the collection, processing, and sharing of personal data where necessary for safeguarding, provided it is lawful, fair, and proportionate.

• Human Rights Act 1998 (Article 8): The right to private and family life is a qualified right and may be overridden to protect others or prevent crime.

• Common Law Duty of Confidentiality: Not absolute; can be overridden where there is a risk of harm or safeguarding concern.

• Caldicott Principles: Guide the sharing of information in health and social care, emphasising necessity, proportionality, and legal compliance.

3.4 Other Relevant Legislation

• Crime and Disorder Act 1998 (Section 115): Permits disclosure of information to prevent or reduce crime and disorder.

• Mental Capacity Act 2005: Sets out principles for decision-making where an individual’s capacity to consent is in doubt.

4. Principles of Information Sharing

When sharing information for safeguarding purposes, practitioners must ensure that it is:

• Necessary and proportionate: Only share what is needed for the purpose.

• Relevant: Information must relate to the safeguarding concern.

• Adequate: Sufficient to support decision-making.

• Accurate and up to date: Factually correct and current.

• Timely: Shared promptly to reduce risk.

• Secure: Shared and stored safely, in line with organisational policies.

• Recorded: Document what was shared, with whom, and why.

The “Golden Rules”:

1. Safeguarding trumps confidentiality: The need to protect individuals from harm usually outweighs the need to protect confidentiality.

2. Consent is not always required: You do not need consent to share information if there is a safeguarding risk, but it is good practice to inform the individual unless doing so increases risk.

3. Seek advice if unsure: Consult your manager, safeguarding lead, or information governance team if you are uncertain.

4. Share with the right people: Only share with those who need to know to safeguard or support the individual.

5. Record your decision: Whether you share or withhold information, always record your rationale.

5. Consent and Information Sharing

• Best practice: Be open and honest with individuals about what information you may need to share and why.

• With consent: Where possible and safe, seek consent to share information.

• Without consent: You may share information without consent if:

• The individual lacks capacity to consent (apply the Mental Capacity Act)

• Others (including children) are at risk

• A crime has been or may be committed

• The person is under duress or coercion

• Staff are implicated

• There is a court order or legal requirement

• If refusing consent: Support the individual to understand the risks, record their decision and your rationale, and keep the situation under review.

6. Sharing Information Without Consent

You can share information without consent if:

• It is necessary to prevent serious harm or crime

• Others are at risk

• The public interest in sharing outweighs the individual’s right to confidentiality

Always explain to the individual, where safe, that you are sharing information without their consent, and record your reasons.

7. When Not to Share

It may be appropriate not to share information if:

• The individual has capacity and refuses consent

• No one else is at risk

• No crime has been or may be committed

• No staff are implicated

• No duress or coercion is suspected

• The public interest in maintaining confidentiality outweighs the need to share

8. Complex Multi-Agency Working

• Multi-Agency Safeguarding Hubs (MASH): Enable real-time information sharing and decision-making.

• Cross-boundary working: Agencies must cooperate even where geographical or organisational boundaries differ.

• Escalation: If a partner refuses to share information, follow the Escalation Process.

9. Special Considerations

9.1 Mental Capacity

• Presume capacity unless proven otherwise.

• Support individuals to make their own decisions.

• If lacking capacity, act in their best interests and in the least restrictive way.

9.2 Risk of Harm from Sharing

• Consider whether sharing information could increase risk (e.g., domestic abuse).

• Work with partners to minimise any potential harm from sharing.

9.3 Allegations Against People in Positions of Trust

• Share information with employers or regulatory bodies where there is a risk to others. Follow the LADO process for children and young people, and the Person in a Position of Trust process for adults.

• Decisions should be made in partnership and in line with legal requirements.

9.4 After Death

• Safeguarding duties may continue if there are risks to others.

• Information may be shared to support investigations or prevent future harm.

10. Data Protection and Confidentiality in Practice

• Data Controllers: Your organisation is responsible for compliance with data protection law.

• Data Protection Impact Assessments (DPIA): Required for large-scale or high-risk data sharing.

• Personal and Special Category Data: Extra care must be taken with sensitive information (e.g., health, ethnicity, criminal records).

11. Practical Steps for Practitioners

1. Recognise when information needs to be shared for safeguarding.

2. Check your organisation’s policies and seek advice if needed.

3. Decide what information is necessary, relevant, and proportionate.

4. Share securely and with the right people.

5. Record your decision and the information shared.

6. Review the outcome and keep the situation under review.

12. Further Resources

• Information Commissioner’s Office (ICO): https://ico.org.uk/

• Care Act Statutory Guidance: https://www.gov.uk/government/publications/care-act-statutory-guidance

• Working Together to Safeguard Children: https://www.gov.uk/government/publications/working-together-to-safeguard-children--2

Bottom line:
If you are concerned that a child, young person, or adult with care and support needs is at risk of harm, share the information with the appropriate safeguarding partner. If in doubt, seek advice—do not let uncertainty prevent you from acting to protect someone from harm.

This guidance is based on statutory requirements and best practice. It will be reviewed regularly to ensure ongoing compliance and effectiveness.