1. Background
  2. Scope & Philosophy
  3. Introduction to Information Sharing
  4. Golden Rules for Information Sharing
  5. Further Information to Inform Decision Making
  6. How Organisations can support Practitioners
  7. Training


A Further Guidance on Legal Issues A-1




Unless the context otherwise requires, this Instruction is applicable to all members of the Armed Forces and civilians serving in the Federal Republic of Germany (FRG) and elsewhere in North West Europe (NWE) within the command of HQ BFG and HQ 1 (UK) Armd Div.



I am committed, as are those in my Command, to providing the best possible welfare services to all members of the BFG community.  For those services to be truly effective they must be holistic which means that often more than one agency will be involved in finding a complete solution to an individual’s problems, usually in conjunction with the chain of command.  To achieve the desired outcome there will be times when we need to share personal information between agencies and with the chain of command.


Personal information is just that, personal, and there must be strict guidelines in place to ensure that the sharing of information is done in accordance with the law and governmental policy.  Otherwise, the essential commodity of trust will be lost.  We need to know when information can be shared and when it cannot.  This Information Sharing Protocol sets out the principles and procedures for the sharing of personal information within BFG and must be read, endorsed and understood by all.


Throughout our careers in the military environment we are taught to protect and secure information and I appreciate that for many the concept of sharing personal information will be somewhat alien.  However, it is of fundamental importance that we get it right and this will require a shift in culture and a change in the way in which we all conduct our daily business.  This protocol, combined with sound professional judgement, will help us to share information appropriately which, in turn, will improve outcomes and save lives.



“Ensuring that children and young people are kept safe and receive the support they need when they need it is vital.  Where information sharing is necessary to achieve this objective it is important that practitioners have a clear understanding of when information can be shared.  It is also important for them to understand the circumstances when sharing is not appropriate.  The Data Protection Act is not a barrier to sharing information but is in place to ensure that personal information is shared appropriately.”

Richard Thomas - Information Commissioner


Recommendation:  establish clear procedures and protocols for communication and collaboration between social care, health and police services to support safeguarding of children, and ensure that these are adhered to.

Ofsted - Joint Area Review (Baby P) Nov 08


“Those who have local accountability for keeping children safe should ensure that all staff in every service, from frontline practitioners to legal advisers and managers in statutory services and the voluntary sector, understand the circumstances in which they may lawfully share information about children and their parents, and that it is in the public interest to prioritise the safety and welfare of children.  Agencies should regularly test their local information sharing arrangements to satisfy themselves that their procedures are understood and working properly to protect children.                    


Recommendation:  Every Children’s Trust should assure themselves that partners consistently apply the Information Sharing Guidance published by the Department for Children, Schools and Families and the Department for Communities and Local Government to protect children.”

Lord Laming - Progress Report 12 Mar 09



1.There is a perception that the Data Protection Act 1998 is a barrier to sharing information whereas, in reality, its purpose is to ensure that personal information is shared appropriately.  Also, within a Service environment there is a natural inclination to keep information secure.  In the past these factors have combined to restrict the passage of information when it should have been shared. Accordingly, it is important for COs and UWOs to adopt a more enlightened approach and as such the aim of this Protocol is to set out the principles for information sharing and explain when confidential information should be shared between agencies and the chain of command and when it should not.        



2The statutory inquiry held in 2003 into the death of Victoria Climbié, and the first joint Chief Inspectors’ Report on safeguarding children highlighted the lack of priority status given to safeguarding children generally and resulted in the publication of the Government’s Green Paper Every Child Matters and the introduction of the Children Act 2004.  The Children Act 2004 (the Act) imposed an obligation on English and Welsh Local Authorities to create Local Safeguarding Children Boards (LSCBs) and also highlighted the duty on all agencies to safeguard and promote the welfare of children by applying a philosophy of inter-agency co-operation.    


3The armed forces are fully committed to co-operating with statutory and other agencies and, in accordance with ‘Working Together to Safeguard Children’, have adopted procedures to help safeguard and promote the welfare of children.  Although the Act only relates to England and Wales, the MOD is committed to complying with the spirit of the legislation as far as possible, to ensure that our children and young people who are overseas receive the services they require and are not disadvantaged.  Accordingly, Headquarters British Forces Germany (HQ BFG) has taken on the responsibilities of a Local Authority and established the BFG Safeguarding Children Board, which reflects the principles set out in the Act.  


4One of the fundamentals of inter-agency co-operation is information sharing.  This Protocol is designed to compliment and support BFG policy to improve information sharing across children’s services and across the wider command and to promote best practice.  In particular, it supports BFG policy developed in the Children and Young Peoples Plan (C&YPP), SOBA(G) 3351 (Chapter 3) and the Community Services Strategy (2008-2013) for British Forces Germany (BFG).  This protocol is primarily aimed at providing guidance to those working with children and young people but it is equally applicable to practitioners working with adults and families. In addition, it takes account of the governmental guidance on information sharing published in Oct 08 and the recommendations made by Lord Laming in Mar 09 following the case of ‘Baby P’. 



5.The contents of this document are for application by all personnel with responsibilities for children and young people under the jurisdiction of BFG authorities, these include: 

  1. Commanding Officers (COs) and the chain of command.
  2. BFSWS (including Central Referral Team (CRT)).
  3. JRT (to include Service Police and BFSWS personnel).
  4. Service Police.
  5. Independent Conference and Review Service (ICRS).
  6. BFGHS.
  7. SCE.
  8. AWS (including Youth and Community Service).
  9. British Forces Early Years Service (BFEYS).
  10. Probation Service.
  11. Voluntary Groups.
  12. Armed Forces G1 Community Support.
  13. Unit Welfare Officers (UWO).
  14. Army Legal Services (ALS).
  15. Military Courts Services (MCS).
  16. European Support Group (ESG).
  17. DDS.
  18. Home-Start BFG


6.The concept of ‘sharing information’ within a Service environment will go against the natural grain for some and will be counter-intuitive to many.  We need to be prepared to modify this restrictive approach, to adopt a more open philosophy and make information sharing an integral part of the way in which practitioners fulfil their duties.  The purpose of this Protocol is to inform, so that information can be viewed in context, shared with confidence within a clear framework that is trusted and is both legitimate and clearly understood by all.    



7.Why Information Sharing is important.  Sharing information is vital for the following reasons:

  • early intervention ensures that children and young people with additional needs get the services they require. 
  • There are numerous agencies that operate for the benefit of the service community within BFG.  Effective co-operation between these agencies and the chain of command is paramount in providing a high quality, holistic and seamless service. 
  • It is important that practitioners understand why, when and how they should share information so that they can do so confidently and appropriately as part of their day-to-day practice. 


8.This protocol is for practitioners who have to make decisions about sharing personal information on a case by case basis.  This includes ‘front-line’ staff working in health, education, schools, social care, youth work, early years, family support, offending and criminal justice, service police, advisory and support services and the chain of command.  It is also for managers and advisors who support the practitioners.


9.In the turbulence of Service life there are many transition points; these can include postings, changing schools, medical treatment and hospitalisation and discipline to name but a few.  In all these cases, information sharing is important to ensure that an individual gets the support that they require, through and after a transition.


10.Sharing Information where there are concerns about serious harm to a child.  It is critical that where you have reasonable cause to believe that a child or young person may be suffering or may be at risk of suffering significant harm , you should always consider referring your concerns to children’s social care (i.e. BFSWS) or to the Royal Military Police, in line with BFG SB procedures. 


11.Staff in adults’ services should be aware that problems faced by service users who have parenting responsibilities are often likely to affect children and other family members.  This information should be shared with colleagues in those services with responsibilities for the children to ensure that any additional support required for the children can be provided early. 


12.In some situations there may be a concern that a child or young person may be:

  • suffering, or
  • at risk of suffering significant harm, or
  • at risk of causing significant harm to another child or
  • at risk of causing serious harm to an adult.  


However, you may be unsure whether what has given rise to your concern constitutes ‘a reasonable cause to believe’.  In these situations, the concern must not be ignored.  You should always talk to someone to help you decide what to do – a lead person on safeguarding, a Caldicott guardian, your manager, an experienced and trusted colleague or another practitioner who knows the person.  The BFSWS Central Referral Team offers a consultation service for people who want to discuss concerns they may have.  You should protect the identity of the child or young person wherever possible until you have established a reasonable cause for your belief.


13.Sharing information where there are concerns about serious harm to an adult.  You may be sharing information about an adult as part of your aim to deliver more effective intervention at an earlier stage to prevent problems escalating and to increase the chances of achieving positive outcomes.  However, there may also be situations where you may want to share information because you are concerned about serious harm to an adult. 


14.If you believe the adult you are dealing with is vulnerable or unable to make informed decisions then you will need to take this into consideration when making your decision.  Where harm, or risk of harm, to a vulnerable adult is suspected appropriate action should be taken in accordance with your local codes of practice.  


15.Sharing information where you have a statutory duty or a court order.  Where you have a statutory duty or court order to share information you must do so unless, in the case of a court order, your organisation is prepared to challenge it. 


16.Sharing information in an emergency situation (terrorist-related action, natural

disaster and other incidents).  The nature of emergency situations will vary but information sharing is always a vital part of providing services to the people affected by them.  Whilst the principles and legislative basis underpinning the sharing of information are broadly the same in an emergency situation, it is more likely than not that it will be in the interests of the individuals for personal data to be shared.


17.Timeliness is a key consideration in emergency situations.  It may not be appropriate to seek consent for information sharing if delays could incur as a result.  You should

always consider:

  • how much information needs to be shared to achieve the objective and.
  • the most appropriate way in which to do so given the urgency of the situation. 


Security of information sharing must still be considered but should be proportionate to the sensitivity of the information and the circumstances.


18. Confidentiality policies.  There are strict confidentiality policies across the MoD and supporting agencies that seek to ensure that personal information is not passed to third parties without the person's consent. There are a few exceptions to this principle involving situations when there is risk to self or other, serious criminal acts including breaches of security or if operational effectiveness is seriously compromised.  Agencies, Organisations and Units must apprise themselves of the relevant policies in effect at any given time. 




  1. Remember that the Data Protection Act is not a barrier to sharing information but provides a framework to ensure that personal information about living persons is shared appropriately.
  2. Be open and honest with the person (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
  3. Seek advice if you are in any doubt, without disclosing the identity of the person where possible.
  4. Share with consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information.  You may still share information without consent if, in your judgement, that lack of consent can be overridden in the public interest.  You will need to base your judgement on the facts of the case.
  5. Consider safety and well-being.  Base your information sharing decisions on considerations of the safety and well-being of the person and others who may be affected by their actions.
  6. Necessary, proportionate, relevant, accurate, timely and secure.  Ensure that the information you share is:
    • necessary for the purpose for which you are sharing it,
    • is shared only with those people who need to have it,
    • is accurate and up-to-date,
    • is shared in a timely fashion, and
    • is shared securely.
  7. Keep a record of your decision and the reasons for it – whether it is to share information or not.  If you decide to share, then record what you have shared, with whom and for what purpose.


20.In sum, practitioners must:

  • be supported by their employers
  • understand what information is and is not confidential
  • where possible obtain consent to share
  • understand public interest and proportionality
  • apply good practice early as part of preventative work
  • be clear that information can normally be shared where you judge that a child or young person is at risk of significant harm or that an adult is at risk of serious harm


Flowchart of key principles for information sharing


If there are concerns that a child may be at risk of significant harm or an adult at risk of serious harm, then follow the relevant procedures without delay.

Seek advice if you are not sure what to do at any stage and ensure that the outcome of the discussion is recorded



21.To inform your decision making this section sets out further information in the form of seven key questions about information sharing:

  1. Is there a clear and legitimate purpose for you or your agency to share the information?
  2. Does the information enable a living person to be identified?
  3. Is the information confidential?
  4. If the information is confidential, do you have consent to share?
  5. If consent is refused, or there are good reasons not to seek consent to share confidential information, is there a sufficient public interest to share the information?
  6. If the decision is to share, are you sharing information appropriately and securely?
  7. Have you properly recorded your information sharing decision?

Further information on each of the questions can be found in the remainder of this section.


Question 1: Is there a clear and legitimate purpose for sharing information?

22.If you are asked, or wish, to share information about a person you need to have a good reason or a clear and legitimate purpose to do so.  This will be relevant to whether the sharing is lawful in a number of ways.


23.If you work for a statutory service, for example, education, social care, health or justice, the sharing of information must be within the functions or powers of that statutory body.  It is likely that this will be the case if you are sharing the information as a normal part of the job you do for that agency.  This will also be the case if you work in the private or voluntary sector and are contracted by one of the statutory agencies to provide services on their behalf.


24.Whether you work for a statutory or non-statutory service, any sharing of information must comply with the law relating to confidentiality, data protection and human rights.  Establishing a legitimate purpose for sharing information is an important part of meeting those requirements.  There is more information about the legal framework for sharing information at Annex A.


25.Individual agencies may have developed their own Individual Information Sharing Agreements (IISAs), specific guidelines and processes for sharing information.  You will need to be guided by your agency’s policies and procedures and – where applicable – by your professional code.


Statutory Duty and Court Orders.  In some situations you are required by law to share information, for example, in the NHS where a person has a specific disease about which environmental health services must be notified.  There will also be times when a court will make an order for certain information or case files to be brought before the court.


26.These situations are relatively unusual and where they apply you should know or be told about them.  In such situations, you must share the information, even if it is confidential and consent has not been given, unless in the case of a court order, your organisation is prepared to challenge it and is likely to seek legal advice.


27.Consent from the individual is not required in these situations and should not be sought because of the potential consequences of refusal.  Wherever possible, subject to considerations set out in paragraph 34, you should inform the individual concerned that you are sharing the information, why you are doing so, and with whom.

Question 2: Does the information enable a living person to be identified?

28.In most cases the information covered by this guidance will be about an identifiable living individual.  It may also identify others, such as a child, partner, parent or carer.  If the information is anonymised, it can be shared.  However, if the information is about an identifiable individual or would enable a living person to be identified when considered with other information, it is personal information and is subject to data protection and other laws.  The remainder of this section provides further information to inform your decision about sharing personal information.


29.Wherever possible, you should be open about what personal information you might need to share and why.  In some situations, it may not be appropriate to inform a person that information is being shared or seek consent to this sharing, for example, if it is likely to:

  • hamper the prevention or investigation of a serious crime or
  • put a child at risk of significant harm or an adult at risk of serious harm.

Question 3: Is the information confidential?

30.Confidential information is:

  • personal information of a private or sensitive nature; and
  • information that is not already lawfully in the public domain or readily available from another public source; and
  • information that has been shared in circumstances where the person giving the information could reasonably expect that it would not be shared with others.


This is a complex area and you should seek advice if you are unsure.


31.There are different types of circumstances that are relevant to confidentiality.  One is where a formal confidential relationship exists, for instance between:

  • a doctor and patient, or
  • a social worker and their client, or
  • a counsellor and their client or
  • a lawyer and their client.  


Here it is generally accepted that information is provided in confidence.  In these circumstances all information provided by the individual needs to be treated as confidential.  This is regardless of whether or not the information is directly relevant to the medical, social care or personal matter that is the main reason for the relationship.  Another circumstance is, for example, in an informal conversation, where a pupil may tell a teacher a whole range of information but only asks the teacher to treat some specific information confidentially.  In this circumstance, only the information specific to the pupil’s request would be considered to be confidential.  There are also circumstances where information not generally regarded as confidential (such as name and address) may be provided in the expectation of confidentiality and therefore should be considered to be confidential information.


32.Sometimes people may not specifically ask you to keep information confidential when they discuss their own issues or pass on information about others, but may assume that personal information will be treated as confidential.  In these situations you should check with the individual whether the information is or is not confidential, the limits around confidentiality and under what circumstances information may or may not be shared with others.


33.Confidence is only breached where the sharing of confidential information is not authorised by the person who provided it or, if about another person, by the person to whom it relates.  If the information was provided on the understanding that it would be shared with a limited range of people or for limited purposes, then sharing in accordance with that understanding will not be a breach of confidence.  Similarly, there will not be a breach of confidence where there is consent to the sharing.


34.Information about an individual or family is confidential to the agency as a whole, and not to individual practitioners.  However individual practitioners do have a responsibility to maintain the confidentiality of the information.  They should only share confidential information with other practitioners in the same agency or team for genuine purposes, for example, to seek advice on a particular case or ensure cover for work while on leave.  This should be explained clearly to the individual or family at the start of the involvement.


35.Public bodies that hold information of a private or sensitive nature about individuals for the purposes of carrying out their functions (for example children’s social care, young people’s health services or adult mental health services) may also owe a duty of confidentiality, as people have provided information on the understanding that it will be used for those purposes.  In some cases the agency may have a statutory obligation to maintain confidentiality, for example, in relation to the case files of looked after children.

Question 4: Do you have consent to share?

36.Consent issues can be complex and a lack of clarity about them can sometimes lead practitioners to assume incorrectly that no information can be shared.  This section gives further information to help you understand and address the issues.  It covers:

  • what constitutes consent;
  • whose consent should be sought; and
  • when consent should not be sought.


37.What constitutes consent?  Consent must be ‘informed’.  This means that the person giving consent needs to understand:

  • why information needs to be shared,
  • what will be shared,
  • who will see their information,
  • the purpose to which it will be put and
  • the implications of sharing that information.


38.Consent can be ‘explicit’ or ‘implicit’.  Obtaining explicit consent for information sharing is best practice and ideally should be obtained at the start of the involvement, when working with the individual or family to agree what support is required.  It can be expressed either verbally or in writing, although written consent is preferable since that reduces the scope for subsequent dispute.  Implicit consent can also be valid in many circumstances.  Consent can legitimately be implied if the context is such that information sharing is intrinsic to the activity or service, and especially if that has been explained or agreed at the outset.  An example of implicit consent is where a GP refers a patient to a hospital specialist and the patient agrees to the referral.  In this situation the GP can assume the patient has given implicit consent to share information with the hospital specialist.  However, explicit consent would be required to share information outside the bounds of the original service or setting, for example, for a different type of referral.  In a multi-agency service, explicit consent for information sharing is usually obtained at the start of the involvement and covers all of the agencies within the service.  This would provide implicit consent to share information within the multi-agency service but there would be a need to seek additional explicit consent for sharing with practitioners or agencies outside of the service. 


39.It is best practice to set out clearly your agency’s policy on sharing information when the service is first accessed.  The approach to securing consent should be transparent and respect the individual.  Consent must not be secured through coercion or inferred from a lack of response to a request for consent.


40.If there is a significant change in the use to which the information will be put compared to that which had previously been explained, or a change in the relationship between the agency and the individual, consent should be sought again.  Individuals have the right to withdraw consent at any time.



41.Whose consent should be sought – children and young people. You may also need to consider whose consent should be sought.  Where there is a duty of confidence, it is owed to the person who has provided the information on the understanding it is to be kept confidential.  It is also owed to the person to whom the information relates, if different from the information provider.  A child or young person, who has the capacity to understand and make their own decisions, may give (or refuse) consent to sharing.


42.Children aged 12 or over may generally be expected to have sufficient understanding.  Younger children may also have sufficient understanding.  As explained in paragraph 54, this is presumed in law for young people aged 16 and older.  When assessing a child’s understanding you should explain the issues to the child in a way that is suitable for their age, language and likely understanding.  Where applicable, you should use their preferred mode of communication. 


43.The following criteria should be considered in assessing whether a particular child or young person on a particular occasion has sufficient understanding to consent, or to refuse consent, to sharing of information about them:

  • Can the child or young person understand the question being asked of them?
  • Do they have a reasonable understanding of:
    • what information might be shared;
    • the main reason or reasons for sharing the information; and
    • the implications of sharing that information, and of not sharing it?
  • Can they:
    • appreciate and consider the alternative courses of action open to them;    
    • weigh up one aspect of the situation against another;
    • express a clear personal view on the matter, as distinct from repeating what someone else thinks they should do; and
    • be reasonably consistent in their view on the matter, or are they constantly changing their mind?


44.Considerations about whether a child has sufficient understanding are often referred to as Fraser guidelines, although these were formulated with reference to contraception and contain specific considerations not included above.


45.In most cases, where a child cannot consent or where you have judged that they are not competent to consent, a person with parental responsibility should be asked to consent on behalf of the child.  If a child or young person is judged not to have the capacity to make decisions, their views should still be sought as far as possible.


46.Where parental consent is required, the consent of one such person is sufficient.  In situations where family members are in conflict you will need to consider carefully whose consent should be sought.  If the parents are separated, the consent would usually be sought from the parent with whom the child resides.  If a care order is in force, the local authority will share parental responsibility with the parent(s) and practitioners should liaise with them about questions of consent.


47.If you judge a child or young person to be competent to give consent, then their consent or refusal to consent is the one to consider, even if a parent or carer disagrees.  Where parental consent is not required, you should encourage the young person to discuss the issue with their parents.  However, you should not withhold the service on the condition that they do so. 


48.These issues can raise difficult dilemmas.  Wherever appropriate you should try to work with all involved to reach an agreement or understanding of the information to be shared.  You must always act in accordance with your professional code of practice where there is one and consider the safety and well-being of the child, even where that means overriding refusal to consent.  You should seek advice from your manager or nominated advisor if you are unsure.


49.Whose consent should be sought – adults.  It is good practice to seek consent of an adult where possible.  All people aged 16 and over are presumed, in law, to have the capacity to give or withhold their consent to the sharing of confidential information, unless there is evidence to the contrary.


50.The Mental Capacity Act 2005 Code of Practice defines the term ‘a person who lacks capacity’ as a person who lacks capacity to make a particular decision or take a particular action for themselves, at the time the decision or action needs to be taken.


51.A person who is suffering from a mental disorder or impairment does not necessarily lack the capacity to give or withhold their consent for information sharing.  Equally, a person who would otherwise be competent may be temporarily incapable of giving valid consent due to factors such as extreme fatigue, drunkenness, shock, fear, severe pain or sedation.  The fact that an individual has made a decision that appears to others to be irrational or unjustified should not be taken on its own as conclusive evidence that the individual lacks the mental capacity to make that decision.  If, however, the decision is clearly contrary to previously expressed wishes, or is based on a misperception of reality, this may be indicative of a lack of capacity and further investigation will be required.


52.All decisions taken on behalf of a person who lacks capacity must be taken in their best interests.  A judgement about best interests is not an attempt to determine what the person would have wanted.  It is as objective a test as possible of what would be in the person’s actual best interests, taking into account all relevant factors.  Factors to be addressed include: 

  • the person’s own wishes (where these can be ascertained); and
  • the views of those close to the person, especially close relatives, partners, carers, welfare attorneys, court-appointed deputies or guardians.


53.The Mental Capacity Act 2005 Code of Practice provides information on points to consider when assessing a person’s capacity to make a specific decision and should be referred to for more detailed guidance (for location see Annex C).  These are essentially the same as the criteria set out at paragraph 48.


54.If you consider that an adult may not have the capacity to give ‘informed consent’ for information sharing, you must follow the Code of Practice.  If you judge that an individual does not have the capacity to make decisions, their views should still be sought as far as possible.


55.When consent should not be sought.  There will be some circumstances where you should not seek consent from the individual or their family, or inform them that the information will be shared.  For example, if doing so would: 

  • place a person (the individual, family member, yourself or a third party) atincreased risk of significant harm if a child, or serious harm if an adult; or
  • prejudice the prevention, detection or prosecution of a serious crime;
  • lead to an unjustified delay in making enquiries about allegations of significant harm to a child, or serious harm to an adult.


56.You should not seek consent when you are required by law to share information through a statutory duty or court order.  In these situations, subject to considerations set out in paragraph 34, you should inform the individual concerned that you are sharing the information, why you are doing so, and with whom.

Question 5: Is there sufficient public interest to share the information?

57.Even where you do not have consent to share confidential information, you may lawfully share it if this can be justified in the public interest.  Seeking consent should be the first option.  However, where consent cannot be obtained or is refused, or where seeking it is inappropriate or unsafe as explained at paragraph 60, the question of whether there is a sufficient public interest must be judged by the practitioner on the facts of each case.  Therefore, where you have a concern about a person, you should not regard refusal of consent as necessarily precluding the sharing of confidential information.


58.A public interest can arise in a wide range of circumstances, for example:

  • to protect children from significant harm,
  • to protect adults from serious harm,
  • to promote the welfare of children or
  • to prevent crime and disorder.  


There are also public interests, which in some circumstances may weigh against sharing, including the public interest in maintaining public confidence in the confidentiality of certain services.


59.The key factors in deciding whether or not to share confidential information are:

  • necessity and,
  • proportionality


In other words, whether the proposed sharing is likely to make an effective contribution to preventing the risk and whether the public interest in sharing information overrides the interest in maintaining confidentiality.  In making the decision you must weigh up what might happen if the information is shared against what might happen if it is not and make a decision based on professional judgement.  The nature of the information to be shared is a factor in this decision making, particularly if it is sensitive information where the implications of sharing may be especially significant for the individual or for their relationship with the practitioner and the service.  For more on the legal background see Annex A.


60.It is not possible to give guidance to cover every circumstance in which sharing of confidential information without consent will be justified.  You must make a judgement on the facts of the individual case.  Where there is:

  • a clear risk of significant harm to a child or
  • serious harm to an adult,


the public interest test will almost certainly be satisfied (except as described in para 67).  There will be other cases where you will be justified in sharing limited confidential information in order to make decisions on sharing further information or taking action – the information shared should be necessary for the purpose and be proportionate.


61.There are some circumstances in which sharing confidential information without consent will normally be justified in the public interest.  These are:

  • when there is evidence or reasonable cause to believe that a child is suffering, or is at risk of suffering, significant harm; or
  • when there is evidence or reasonable cause to believe that an adult is suffering, or is at risk of suffering, serious harm; or
  • to prevent significant harm to a child or serious harm to an adult , including through the prevention, detection and prosecution of serious crime.


62.An exception to this would be where an adult with capacity to make decisions (see paragraph 54 et seq) puts himself/herself at risk but presents no risk of significant harm to children or serious harm to other adults.  In this case it may not be justifiable to share information without consent.  You should seek advice if you are unsure.


63.If you are unsure whether the public interest justifies disclosing confidential information without consent, you should be able to seek advice from your manager or a nominated individual in your organisation or local area whose role is to support you in these circumstances.  Where possible you should not disclose the identity of the person concerned.  Other sources of advice include:

  • the Information Commissioner’s Office (ICO),
  • the BFG Safeguarding Board or,
  • the Divisional Legal Branch.  


If you are working in the NHS or a local authority, the Caldicott Guardian may be helpful.  Advice can also be sought from representative bodies, for example, the British Medical Association or the Royal College of Nursing.


64.All organisations working with children will have a nominated person who undertakes a lead role for safeguarding children.  If the concern is about possible abuse or neglect of a child or young person, you should discuss your concerns with your manager or the nominated person within your organisation or area.  If you still have concerns, you should refer your concerns to children’s social care and/or the police in line with your Local Safeguarding Children Board procedures.


65.You should discuss any concerns with the family and, where possible, seek their agreement to making referrals to children’s social care only where such discussion and agreement-seeking will not place a child at increased risk of significant harm, or any other individual at increased risk of serious harm, or lead to interference with any potential investigation.  The child’s safety and well-being must be the overriding consideration in making any such decisions.


66.If you decide to share confidential information without consent, you should explain to the person that you intend to share the information and why, unless it is inappropriate or unsafe to do so (as explained in paragraph 60).


Question 6: Are you sharing information appropriately and securely?


67.If you decide to share information, you should share it in a proper and timely way, act in accordance with the principles of the Data Protection Act 1998, and follow your organisation’s policy and procedures.  In relation to sharing information at the front-line, you will need to ensure that you: 

  • share only the information necessary for the purpose for which it is being shared;
  • understand the limits of any consent given, especially if the information has been provided by a third party;
  • distinguish clearly between fact and opinion;
  • share the information only with the person or people who need to know;
  • check that the information is accurate and up-to-date;
  • share it in a secure way, for example, confirm the identity of the person you are talking to; ensure that a conversation or phone call cannot be overheard; use secure e-mail; ensure that the intended person will be on hand to receive a fax;
  • establish with the recipient whether they intend to pass it on to other people, and ensure they understand the limits of any consent that has been given; and
  • inform the person to whom the information relates and, if different, any other person who provided the information, if you have not done so already and it is safe to do so.


68.In deciding what information to share, you also need to consider the safety of other parties, such as yourself, other practitioners and members of the public.  If the information you want to share allows another party to be identified, for example, from details in the information itself or as the only possible source of the information, you need to consider if sharing the information would be reasonable in all circumstances.  Could your purpose be met by only sharing information that would not put that person’s safety at risk?

Question 7: Have you properly recorded your information sharing decision?

69.You should record your decision and the reasons for it, whether or not you decide to share the information.  If the decision is to share, you should record what information was shared and with whom.


70.You should work within your agency’s arrangements for recording information and within any local information sharing procedures in place.  These arrangements and procedures must be in accordance with the Data Protection Act 1998.



71.This section describes the important organisational and cultural aspects that are required to ensure that good practice in information sharing is promoted and supported.


72.Organisational support.  Practitioners need to understand their organisation’s position and commitment to information sharing.  They need to have confidence in the continued support of their organisation where they have used their professional judgement and shared information professionally.


73.To give practitioners confidence to apply the guidance in practice, it is important that: 

  • a culture that supports information sharing between and within agencies, organisations and the chain of command including proactive mechanisms for identifying and resolving potential issues and opportunities for reflective practice;
  • a systematic approach within their agency to explain to service users when the service is first accessed, how and why information may be shared, and the standards that will be adopted, which will help to build the confidence of all involved;
  • clear systems, standards and procedures for ensuring the security of information and for sharing information.  These may derive from the organisation’s information sharing governance (as set out in paragraph 82), any local procedures in place, or from their professional code of conduct;
  • infrastructure and systems to support secure information sharing, for example, access to secure e-mail or online information systems;
  • effective supervision and support in developing practitioners’ and managers’ professional judgement in making these decisions.  For example, access to training where practitioners can discuss issues which concern them and explore case examples with other practitioners; and specific training and support for managers and advisors who provide support to practitioners in making information sharing decisions;
  • mechanisms for monitoring and auditing information sharing practice; and
  • a designated source of impartial advice and support on information sharing issues, and for resolution of any conflicts about information sharing.


74.For children’s services, the statutory guidance in section 10 of the Children Act 2004 clearly lays out organisational duties regarding information sharing.  All Agencies and Organisations within BFG should ensure that information sharing is addressed and they all:

  • change strategies and service delivery plans incorporate effective and clearly understood mechanisms for sharing information across service and professional boundaries;
  • relevant managers and practitioners receive adequate training on information sharing;
  • managers, practitioners and other staff understand the legal basis on which information can be shared;
  • information sharing becomes an integral part of the way in which practitioners fulfil their duties; and
  • strategic managers are familiar with the guidance that their managers in children’s services should follow.


75.Whilst these types of statutory duties are not always so clearly specified for other services, they are generally good practice and could be of benefit to all.


76.Information sharing governance framework.  Information Sharing within BFG will be monitored and regulated by the BFG Safeguarding Board.  This General Information Sharing Protocol should be read in conjunction with SOBF(G) 3351. This provides detail of the general principles and terms for the sharing of information between agencies and with the chain of command.  However, whilst the Protocol provides the framework for sharing information the importance of professional judgement in information sharing at the front-line should never be under-estimated.  All COs, UWOs and front-line practitioners and managers are expected to read, understand and apply this Protocol so that they have confidence in their organisation’s commitment and support for professional information sharing.


77.Agencies, organisations and Units will be required to produce their own documentation for service users which should include, a ‘Privacy/Confidentiality Statement’, ‘Fair Processing Notice’, ‘Consent’, and ‘Subject Access’.  Relevant staff within the organisations must understand these processes and be able to access documentation when required. 



78.All parties to this Protocol will ensure that their employees who need to share personal information under the Protocol or under an Individual Information Sharing Agreement receive appropriate training organised through the BFG Safeguarding Board, to enable them to share information legally, comply with any professional codes of practice and comply with any local policies and procedures.


79.Regular training is essential so that practitioners can discuss issues which concern them and explore case examples with other practitioners; this applies equally to the managers and advisors who provide support to practitioners in making information sharing decisions.



[1] Working Together to Safeguard Children (Para 2.138) – HM Government 2006

[2] Central Core Working Group (Objective 4)

[3] Significant Harm has been explained as: ‘where the question of whether harm suffered by a child is significant turns on the child’s health and development, his/her health or development shall be compared with that which could reasonably be expected of a similar child.’  Children Act 1989.  Please refer to the Glossary at Annex B.

[4] ‘Serious harm’ is defined as death or serious injury to a person’s physical or mental health (DH, 2008).

[5] For the purposes of this guidance, serious crime means any crime which causes or is likely to cause significant harm to a child or serious harm to an adult.