Catholic Safeguarding Advisory Service logo

Catholic Safeguarding Advisory Service (CSAS)Procedures Manual

Information Sharing Protocol

SCOPE OF THIS CHAPTER

This Protocol should be read in conjunction with Part 3, Information and Access to Records (Procedures) of this manual and in particular the Information Sharing Procedure.

Contents

  1. Introduction and Context
  2. Information Sharing Questions and Answers
  3. Seven Golden Rules for Information Sharing
  4. Information Sharing Agreement Key Principles

    Appendix 1: Information Sharing Agreement

    Appendix 2: Information Sharing Request / Decision Form

    Appendix 3: Data Protection Law

    Appendix 4: Case Examples

    Bibliography

1. Introduction and Context

The Catholic Church in England and Wales is committed to promoting a culture of safeguarding. In order to deliver on this goal, and to ensure best practice in safeguarding matters, a ‘one church approach’ that demonstrates responsible and effective information sharing is crucial.

Sharing information has many benefits, in particular enabling organisations to cooperate thus helping to ensure the young and the vulnerable are given the protection they need. We are also mindful that sharing information presents risks if done insensitively and/or unlawfully.

This Protocol is intended to be a simple practical guide to help all involved in safeguarding within the Catholic Church in England and Wales to develop the confidence to make good decisions in relation to information sharing. The Information Sharing Agreement is a way of promoting a ‘one church approach’ where partner organisations demonstrate their commitment to responsible and effective communication for the protection of the young and the vulnerable.

Context

The Catholic Church’s national safeguarding structure comprises of a number of organisations and groups between which information, when appropriate, is shared. Partner organisations include: Dioceses, Religious Congregations, Catholic Voluntary Groups/Organisations, the Congregation of Religious, Catholic Safeguarding Advisory Service and the National Catholic Safeguarding Commission,

The various organisations are in and of themselves separate legal entities. Information cannot be freely shared between organisations unless there is a clear and legitimate reason to do so.

This Protocol provides a framework that will facilitate appropriate sharing of personal and/or sensitive information between partner organisations within the National Safeguarding Structure and also with the appropriate Statutory Agencies. It is recommended each organisation that is a signatory to this Information Sharing Agreement obtains the contact details for its Designated Officer (formerly known as the LADO)/Designated Adult Safeguarding Manager (DASM)) and Police Child Protection Unit and keeps them readily available for those who may be called upon to use them.

The aim of this Information Sharing Protocol is to safeguard the welfare of the young and the vulnerable in our midst.

The objectives of this Information Sharing Protocol are to:

  • Encourage the appropriate sharing of information;
  • Identify the legal basis for information sharing;
  • Increase awareness and understanding on key issues relating to information sharing;
  • Provide a guide on how to share personal information lawfully;
  • Help protect partner organisations from wrongful use of personal data;
  • Introduce the Information Sharing Agreement.

To this end the Protocol:

2. Information Sharing Questions and Answers

What do we mean by Information Sharing?

There are two main types of information sharing. The first involves information that is shared within an organisation. The second is information that is shared with another organisation. This protocol is primarily aimed at information that is shared between organisations and groups within the National Safeguarding Structure. The principles also apply to sharing information with statutory agencies.

What are the benefits of adhering to an Information Sharing Protocol?
  • The Cumberlege Commission Report (2007) highlighted the need for a ‘One Church Approach’ to safeguarding - adhering to this protocol will demonstrate consistency of safeguarding best practice;
  • The Protocol offers clarity on when and how information can be shared legally and in line with best safeguarding practice.
What is an Information Sharing Agreement?

The Information Sharing Agreement is a document that partner organisations/groups within the Catholic Safeguarding Structure sign, demonstrating their commitment to promoting best practice in Information Sharing.

Why is an Information Sharing Agreement required?
  • To protect the young and the vulnerable from abuse and harm;
  • To ensure the Catholic Church in England and Wales responds to safeguarding matters in a timely and appropriate manner;
  • To enable the whole church to have confidence knowing that the ‘Church’ will respond to safeguarding matters appropriately, putting the best interest of the young and the vulnerable before the interest of the institution;
  • To ensure individuals are not constrained by uncertainty about what information they can/cannot share.

What information is it appropriate to share?

Information Sharing: Advice for Practitioners Providing Safeguarding Services (March 2015) states that:

You do not necessarily need the consent of the information subject to share their personal information.

Wherever possible, you should seek consent or be open and honest with the individual (and/or their family, where appropriate) from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on and they have a genuine choice about this.. More stringent rules apply to sensitive personal information, when, if consent is necessary then it should be explicit. But even without consent, or explicit consent, it is still possible to share personal information if it is necessary in order to carry out your role, or to protect the vital interests of the individual where, for example, consent cannot be given. Also, if it is unsafe or inappropriate to do so, i.e. where there are concerns that a child is suffering, or is likely to suffer significant harm, you would not need to seek consent. A record of what has been shared should be kept.

It is also possible that an overriding public interest would justify disclosure of the information (or that sharing is required by a court order, other legal obligation or statutory exemption). To overcome the common law duty of confidence, the public interest threshold is not necessarily difficult to meet – particularly in emergency situations. Confidential health information carries a higher threshold, but it should still be possible to proceed where the circumstances are serious enough. As is the case for all personal information processing, initial thought needs to be given as to whether the objective can be achieved by limiting the amount of information shared – does all of the personal information need to be shared to achieve the objective?

There can be significant consequences to not sharing information as there can be for sharing information. The following questions will help in deciding whether or not to share information and what information is appropriate to share.

  • Is there a clear and legitimate purpose for sharing information?
  • Does the information enable a living person to be identified?
  • Is the information confidential?
  • Do you have consent to share the information?
  • Is there sufficient public interest to share the information?
  • Are you sharing information appropriately and securely?
  • Have you recorded your information sharing decision?
Is there a clear and legitimate purpose for sharing the information?

If you are asked, or wish, to share information about a person you need to have a good reason to do so if it is to be lawful. You have to comply with the law relating to confidentiality, data protection and human rights. Establishing a legitimate purpose for sharing information is an important part of meeting those requirements.

Does the information enable a living person to be identified?

If information is anonymised it can be shared. If the information to be shared, when considered alongside other information, enables a living person to be identified it is subject to data protection laws.

How do you decide if the information is confidential? Confidential information is:

  • Personal information of a private or sensitive nature;
  • Information that is not already lawfully in the public domain;
  • Information that has been shared in circumstances where the person giving the information could reasonably expect that it would not be shared with others.

Do you have consent to share information? Where possible you should:

  • Be open and honest about what personal information you might need to share and why;
  • Seek permission to share personal or sensitive information;
  • Respect the wishes of those who do not give consent to share confidential information.

NB You may share information without consent, if in your judgement the lack of consent is overridden in the public interest. In making a decision you must weigh up what might happen if the information is shared against what might happen if it is not.

In some circumstances you should not seek consent if doing so would:

  • Place a child or an adult at increased risk of significant harm;
  • Prejudice the prevention, detection or prosecution of a serious crime;
  • Lead to unjustifiable delay in making enquiries about allegations of significant or serious harm.

Is the information being shared appropriately and securely?

  • You should only share information that is necessary to achieve the purpose;
  • Only share information with those who need to know;
  • Check out the identity of the person you are talking to;
  • Make sure the conversation cannot be overheard;
  • As far as possible make sure that the information is accurate and up to date;
  • Use secure email;
  • If using fax - make sure the intended person is on hand to receive the fax;
  • Check who will see the information and whether they intend to pass on this information.

Has the information sharing decision been recorded properly?

It is important to record your information sharing decision. This should include:

  • Reason for sharing or reason for not sharing (e.g. there was/was not a clear and legitimate reason to share information);
  • The purpose of sharing the information (the purpose should explain the legitimate reason);
  • What information was shared, how and with whom.

What about Disclosure and Barring Service (DBS Check) information?

The Catholic Church in England and Wales (and associated partner organisations) use DBS Disclosures as part of its Safer Recruitment process. CSAS, its authorised Counter-Signatories and those deemed to be “employers” are obligated to adhere to DBS Code of Practice. This dictates that Disclosure information is only shared “with relevant persons in the course of their specific duties relevant to recruitment and vetting processes”. In practical terms, this means that Disclosure information is only provided to those who have an entitlement in order to make an appointment or selection decision.

For the Policy Statement on the Safe Storage, Retention and Handling of Disclosure Information (as required by the DBS), please refer to the Safer Recruitment Practice Including DBS Disclosures Procedure, Policy on Secure Storage and Retention.

What is the process should a person move parish, Diocese, or take up a DBS eligible role with another Catholic partner organisation?

A key benefit of a single Registered Body (CSAS) for the Catholic Church of England & Wales, is the ability to minimise the need for numerous Church DBS checks should a person move parish, Diocese, or work with a Religious Order or a Catholic Charity (with whom CSAS has an Umbrella Body Agreement).

Note: In the event that an individual asks for confirmation of their Disclosure number and date of issue (where they have misplaced their Certificate copy), you can supply this information either in writing or verbally once you are satisfied that the individual is indeed who they say they are. This can be established by asking the individual to confirm some basic personal details i.e. Date of Birth, Parish or Order relevant to the role and Disclosure, 1st line of home address and postcode.

For detailed guidance on how to proceed in these circumstances, please refer to the CSAS online policy manual Safer Recruitment Practice Including DBS Disclosures Procedure, Specific DBS Topics or Circumstances Including Changes of Roles; Portability and Online Update Service and DP Act.

What can you do if you have any queries concerning the circumstances in which DBS Disclosure information can or cannot be shared?

You can contact CSAS for assistance. This will ensure that the Church does not breach Data Protection legislation or DBS Code of Practice, which could jeopardise the DBS services within the national safeguarding structure.

3. Seven Golden Rules for Information Sharing

  1. Remember that the Data Protection Act 1998 and human rights laws are not barriers to justified information sharing but provide a framework to ensure that personal information about living individuals is shared appropriately;
  2. Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so;
  3. Seek advice from other practitioners if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible;
  4. Share with informed consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, there is good reason to do so, such as where safety may be at risk. You will need to base your judgment on the facts of the case. When you are sharing or requesting personal information from someone, be certain of the basis upon which you are doing so. Where you have consent, be mindful that an individual might not expect information to be shared;
  5. Consider safety and well-being: Base your information sharing decisions on considerations of the safety and wellbeing of the individual and others who may be affected by their actions;
  6. Necessary, proportionate, relevant, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those people who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely;
  7. Keep a record of your decision and the reasons for it - whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.

Source:- Information Sharing: Advice for Practitioners Providing Safeguarding Services (March 2015)

4. Information Sharing Agreement Key Principles

There are risks associated with both sharing and not sharing information, but the risks can be mitigated by informed and considered information sharing decisions. Adhering to key principles can help to make good information sharing decisions.

1. Adherence to the Data Protection Principles

All information sharing is:

  • Fairly and lawfully processed;
  • Processed for limited purpose;
  • Adequate, relevant and not excessive;
  • Accurate and kept up to date;
  • Not kept longer than necessary;
  • Processed in line with a given individual’s rights;
  • Kept secure;
  • Not transferable to other countries without adequate protection.

1.1

Fairly and Lawfully Processed

The Information Sharing Protocol facilitates information being shared for specific lawful purposes, or where appropriate consent has been obtained. It does not give licence for unrestricted access to information between Partner Organisations.

Organisations must be aware that an individual may withdraw consent to processing their personal information. In such instances processing can only continue where an applicable condition as set out in the Data Protection Act (DPA) 1998 Schedule 2 (personal data) and /or Schedule 3 (sensitive personal data) applies. See Appendix 2: Information Sharing Request / Decision Form.

Partner Organisations should not assume that non personal information is not sensitive information.

1.2

Sharing Information Without Consent

In order to disclose personal data (where consent to share is withheld or gaining consent is not appropriate or possible) the DPA 1998 requires that at least one condition of Schedule 2 must be met. Where the information is personal and sensitive then at least one condition in both Schedules 2 and 3 must be met. Fairness and lawfulness must be considered alongside the conditions in Schedules 2 and 3. See Appendix 2: Information Sharing Request / Decision Form.

Where there is a statutory obligation to disclose personal data then consent of the data subject is not required: wherever possible the data subject should be informed that the obligation exists.

Where consent is used as a form of justification for disclosure, the data subject must be informed of their right to withdraw consent at any time.

Specific procedures apply where the data subject is not able to give informed consent due to age (Gillick Competency) or where the individual has a condition that means that they do not have the capacity to give informed consent. See Gillick Competency and Fraser Guidelines, NSPCC 2009.

1.3

Restriction on the use of shared information

All shared information is for a limited purpose; any further uses made of this data will not be lawful or covered by the Information Sharing Agreement.

1.4

Security

Each Partner Organisation is responsible for ensuring that their organisational and security measures protect the lawful use of information shared under this protocol. Information is not transferable to other countries without adequate protection - CSAS advice should be sought when sharing information abroad.

2.

Quality of Information

Information needs to be of a standard that is fit for purpose - this means that information should be accurate, up to date and not kept for longer than necessary as outlined in the DPA principles.

3.

Training Partner

Organisation must ensure that staff are trained to a level which enables them to undertake the information sharing tasks confidently, efficiently and lawfully.

4. Compliance/Monitoring

Partner Organisations accept responsibility for auditing compliance with the Information Sharing Agreement.

Dioceses and Religious will be audited against National Information Sharing Quality Standards by the Catholic Safeguarding Advisory Service, on behalf of the National Catholic Safeguarding Commission.

4.1

Written Policy

Partner Organisations will have a written policy for the retention and disposal of information.

4.2

Responsibility for staff:

  • Each Partner Organisation is responsible for ensuring that staff are aware and comply with the obligations to protect confidentiality and a duty to disclose information only to those who have a right to it;
  • Each Partner Organisation ensures that staff accessing information under the Information Sharing Agreements are fully aware of their responsibilities to maintain the security and confidentiality of the personal information;
  • All Partner Organisation have a responsibility to ensure staff are trained to a level which enables them to undertake the information sharing tasks confidently, efficiently and lawfully.

4.3

Information Sharing and Condition of Employment:

Each Partner Organisation includes within the written conditions of employment that employees agree to abide by the rules and policies in relation to the protection and use of personal data.
5. Individual Responsibility: Every Individual working for Partner Organisations:
  • Is responsible for the safekeeping of any information they obtain, handle, use or disclose;
  • Knows how to obtain, use, and share information they legitimately need in order to do their job;
  • Has an obligation to take steps to validate the authorisation of another before disclosing any information requested under this protocol;
  • Must uphold principles of confidentiality;
  • Must be aware that any violation of privacy or breach of confidentiality is unlawful and is a disciplinary matter.

6.

Review Arrangements

The agreement will be formally reviewed periodically by CSAS subject to revised legislation or national guidance. Any signatory can request an extraordinary meeting at any time.

Each Partner Organisation must ensure that revisions to the protocol and to the Information Sharing Agreement are communicated to all staff in a timely fashion.

Appendix 1: Information Sharing Agreement

Click here to view 'Information Sharing Agreement'.

Appendix 2: Information Sharing Request / Decision Form

Information Sharing Request / Decision Form

Name of organisation requesting information:

 

Name and position of person requesting information:

 

Date of request:

 

Reason: (there is / is not a clear and legitimate reason to share information.)

 

Purpose (explain the legitimate reason)

 

Decision: (disclose/not disclose)

 

Data sharing decision made by:
(Name and position)

 

Any specific arrangements re: retention/deletion of data:

 

Signed:

 

Date:

 

Appendix 3: Data Protection Law

Schedule 2: Conditions Relevant for the Purposes of the First Principle: Processing of any Personal Data

At least one of the following conditions must be met whenever you process personal data:

  1. The data subject has given their consent to the processing;
  2. The processing is necessary:
    1. for the performance of a contract to which the data subject is a party; or
    2. for the taking of steps at the request of the data subject with a view to entering into a contract.
  3. The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract;
  4. The processing is necessary in order to protect the vital interests of the data subject;
  5. The processing is necessary for the administration of justice, or for exercising statutory, or other public functions;
  6. The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the individual to whom the data relates.

Schedule 3: Conditions Relevant for the Purposes of the First Principle: Processing of Sensitive Personal Data

At least one of the following conditions must be met whenever you process sensitive personal data:

  1. The data subject has given his explicit consent to the processing of the personal data;
  2. The processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment;
  3. The processing is necessary to protect the vital interests of:
    • Data subject (in a case where the individual’s consent cannot be given or reasonable obtained);
    • Another person (in the case where the consent by or on behalf of the data subject has been unreasonable withheld).
  4. The processing is carried out by a not for profit organisation and does not involve disclosing of personal data to a third party unless the individual consents otherwise and is carried out with appropriate safeguards for the rights and freedoms of data subject;
  5. The information contained in the personal data has been made public as a result of steps deliberately taken by the data subject;
  6. The processing is necessary for the purpose of, or in connection with, any legal proceedings:
    • Is necessary for the purpose of obtaining legal advice; or
    • Is otherwise necessary for the purposes of establishing, exercising or defending legal rights.

Appendix 4: Case Examples

There are many occasions when information needs to be shared between the different organisations within the National Safeguarding Structure, or shared with organisations outside the Catholic Safeguarding Structure such as Police or Social Services.

  1. Case Example 1: Information Sharing Where there are Child Protection Concerns;
  2. Case Example 2: Information Sharing Where there are Child Protection Concerns;
  3. Case Example 3: Information sharing in relation to an allegation of child abuse;
  4. Case Example 4: Information sharing to protect an Adult;
  5. Case Example 5: National ‘Alerts’ - Sharing information to ensure nationally agreed standards are upheld;
  6. Case Example 6: Sharing information to ensure safeguarding best practice is maintained and is consistent throughout the Catholic Church in England and Wales;
  7. Case Example 7: Request to confirm someone’s Criminal Record Bureau Check;
  8. Case Example 8: Preliminary Enquiry.

Case Example 1: Information Sharing Where there are Child Protection Concerns

Where you have reasonable cause to believe that a child or young person has suffered, or is likely to suffer significant harm, you must always consider referring your concerns to Children’s Services or Police in line with national policy and your Local Safeguarding Children’s Board procedures.

In some situations there may be a concern that a child or young person has suffered, or is likely to suffer significant harm, or may be causing significant harm to another child or adult.

You may be unsure whether what has given rise to your concern constitutes ‘a reasonable cause to believe’. In these situations, the concern must not be ignored. You should always talk to someone to help you decide what to do - a lead person on safeguarding, another experienced colleague or CSAS.

You should protect the identity of the child or young person wherever possible until you have established a reasonable cause for your belief.

Paul a nine year old tells his mother that his friend John does not go home after liturgy class because Mr Brown always asks him to help clear up. The child is upset saying that John never walks home with him any more and seems to be different… “I don’t think he wants to be my friend anymore”.

Paul’s mum has also noticed that John is behaving differently - more withdrawn. She tries to call John’s mum but is not able to contact her.

She calls the Parish Safeguarding Representative and says that she is concerned about John but at the same time concerned that she may be misreading the situation.

The Parish Safeguarding Representative calls the Safeguarding Coordinator who discusses the situation with the local priest. The Priest is able to offer clarification…at the present time John’s mum is in hospital. Mr Brown is John’s uncle and is looking after John whilst his dad visits his wife.

The Safeguarding Coordinator informs Paul’s mum that she has made enquiries and there is no cause for concern.

The Safeguarding Coordinator noted the enquiry and her actions.

The sharing of information was:

  • Fairly and lawfully processed - there is a legitimate reason for processing;
  • Processed for limited purpose - to check out a concern;
  • Adequate, relevant and not excessive - only enough information to check out/allay concern.

Case Example 2: Information Sharing Where there are Child Protection Concerns

The Police approach a Diocese requesting information about a youth worker in the Diocese against whom an allegation has been made. A parent alleges she saw him drinking in a pub with a number of young people under the age of 18. She claims he was flirting with some of the young girls, buying them drinks and offering to drive them home, whilst over the limit.

The Police have the names of some of the young people involved. They have asked for their contact detail. This should be provided to the Police.

The sharing of information is:

  • Fairly and lawfully processed - there is a legitimate reason for processing - the investigation of at least 2 potential crimes (sexual activity with children and drink driving);
  • Processed for limited purpose - to locate the individuals at risk and for child protection;
  • Adequate, relevant and not excessive - sufficient for the Police and the Local Authority Safeguarding team to make an informed decision.

Case Example 3: Information Sharing in Relation to an Allegation of Child Abuse

There are occasions when CSAS is contacted by people seeking advice on where to go, or what to do with a concern.

CSAS receives a call from an individual in relation to an incident of alleged child abuse by a volunteer within the Catholic Church. CSAS would listen to the concern, note details and pass information on to the appropriate Diocesan Safeguarding Office for them to refer as appropriate to the local statutory authority.

The sharing of information is:

  • Fairly and lawfully processed - there is a legitimate reason for processing;
  • Processed for limited purpose - child protection;
  • Adequate, relevant and not excessive - sufficient information for the local Safeguarding Office to proceed.

Case Example 4: Information Sharing to Protect an Adult

CSAS receives a call from an individual concerned about their elderly mother. The mother had reported to her daughter that a priest called at her home and touched her in an inappropriate manner - which could constitute a sexual assault.

The mother is in her eighties, lives alone, has good mental facilities, and is able to make informed decisions.

The mother is adamant that she does not want to involve the police or social services but was concerned about other elderly people who the priest may visit.

The daughter wants to know if she should report the incident to the police.

CSAS informs the daughter that her mother had the right not to inform the police/social services and that her consent would be required for this to happen. This is different from child protection allegations where there is a duty to inform the Police.

Respecting the individual’s rights to self determination and ensuring the safety of the vulnerable are however not incompatible.

CSAS suggested the mother may benefit from talking to the safeguarding coordinator who would provide information on the options available. If the mother refused to take matters further in relation to reporting the incident to the Police/Social Services then her wishes should be respected.

The Church has a responsibility to consider other adults with whom the priest has contact and may need to take appropriate action. This may include discussing the situation with the Bishop and/or with the statutory agency without divulging personal information of the mother/daughter.

CSAS gave information about the Diocesan Safeguarding Office and the name and contact details of the Safeguarding Coordinator.

The mother agreed to see the Safeguarding Coordinator; agreed to the Bishop being informed but refused permission to report the incident to the Police. Had the mother refused permission to inform the Bishop then information could still be shared as:

The sharing of information is:

  • Fairly and lawfully processed - there is a legitimate reason for processing;
  • Processed for limited purpose - protection of adults;
  • Adequate, relevant and not excessive - sufficient information for the Bishop to consider options (no details of the mother/family given).

Case Example 5: National ‘Alerts’ - Sharing Information to Ensure Nationally Agreed Standards are Upheld

The Catholic Church in England and Wales require individuals entering their jurisdiction to provide a testimonial of suitability to the Bishop or Congregational Leader before they undertake any active ministry. There are times when people come to the UK and begin active ministry without presenting a testimonial of suitability. Sometimes this means that they are undertaking active ministry in a number of Dioceses or Religious settings. When this comes to light the situation has to be rectified - the individual is required to cease active ministry until a testimonial of suitability is received and accepted.

A problem may arise when the whereabouts of the individual concerned is not known.

It has come to CSAS’s attention that a cleric from overseas is undertaking work in the UK without a ‘testimonial of suitability’. His/her current whereabouts and contact details are unknown…

CSAS response: In order to clarify the situation an email alert is sent to all Catholic Safeguarding Coordinator to the affect:

“Testimonial of Suitability”

“We are trying to contact Fr Joe of the xxxxx order in the United States - if you have his contact details please let CSAS know as soon as possible”.

This statement respects the data protection principles - in particular:

  • Fairly and lawfully processed - there is a legitimate reason for processing;
  • Processed for limited purpose - to locate the individual;
  • Adequate, relevant and not excessive - only enough information to identify individual and the issue in question.

Case Example 6: Sharing Information to Ensure Safeguarding Best Practice is Maintained and is Consistent throughout the Catholic Church in England and Wales

The National Catholic Safeguarding Commission (NCSC) has the responsibility to ensure that standards are met and policies implemented (Safeguarding with Confidence p 36 -37).

CSAS is commissioned by the NCSC to undertake “quality” audits into safeguarding arrangements in Dioceses covering the three primary areas of:

  • Casework and recording practice;
  • Induction, support and training;
  • Safer Recruitment practice.

The sharing of information is:

  • Fairly and lawfully processed - there is a legitimate reason for processing;
  • Processed for limited purpose - to ensure adherence to safeguarding policy/ procedures;
  • Adequate, relevant and not excessive - sufficient to check out compliance to policy/procedures.

Case Example 7: Request to Confirm Someone’s Criminal Record Bureau Check

There are circumstances when a request to confirm an individual’s DBS status is received. This may arise in 2 particular circumstances.

  1. The Safeguarding Office has DBS checked an individual for their Church role and that person is now looking to work/volunteer with an entirely separate body (for example with another Catholic charity). The other organisation is seeking to use “portability”;

    In these cases, the signed written consent of the individual to whom the DBS Disclosure relates is essential before any information is supplied;

    Please refer to the specific “Portability” Guidance contained within the online CSAS Policy manual for full guidance on how to proceed and what information can be shared - see Safer Recruitment Practice Including DBS Disclosures Procedure, Specific DBS Topics or Circumstances Including Changes of Roles; Portability and Online Update Service and DP Act;
  1. St. Vincent de Paul Society contact the Safeguarding Office requesting confirmation in relation to the DBS status of an individual that works for them;

    Whilst the individual may have been DBS checked for that role, as the information is being sought post Disclosure and subsequent to the recruitment process concluding, the signed written consent of the individual concerned must be provided to the Counter-Signatory prior to any information being shared;

    The DBS Code of Practice dictates that only confirmation of the Disclosure number; the issue date and the level at which the DBS Disclosure was processed (i.e. Standard or Enhanced) is provided;

    It is important to check that the individual to whom you are providing the information is indeed an authorised representative of the requesting organisation.

The sharing of information is:

  • Fairly and lawfully processed - written consent is obtained.

Case Example 8: Preliminary Enquiry

The NCSC preliminary enquiry protocol is the procedure for an internal enquiry of apparent inappropriate conduct. This might follow the completion of criminal investigations where a concern remains or it may be in relation to conduct which does not amount to a crime but where the position of an accused person within the Church needs to be considered.

Where a concern remains, an independent person (that is independent of the Diocese or religious congregation) is appointed to carry out such enquiries as appropriate, seeking assistance from the statutory agencies where they hold information, interviewing witnesses, the victim(s) /complainants, the accused and others who can provide information as to the alleged incidents or other relevant information.

The independent person (paid or voluntary) is instructed by the ‘trust/organisation’ concerned. Before an independent person is instructed to carry out the enquiry however he/she must be approved by CSAS. Therefore CSAS needs to know the nature of the enquiry to be carried out to ensure the investigator has the right skill mix to undertake the task to a high professional standard.

The independent enquiry function respects the data protection principles:

  • Fairly and lawfully processed - there is a legitimate reason for processing;
  • Processed for limited purpose - protection of the young or the vulnerable;
  • Adequate, relevant and not excessive - sufficient for the Safeguarding Commission to make an informed decision.

Bibliography

  1. Common Law Duty of Care:
  2. Data Protection Act 1998;
  3. Data Sharing Code of Practice (Information Commissioner's Office);
  4. Data Sharing Checklists;
  5. Information Sharing - Advice for Practitioners providing Safeguarding Services to Children, Young People, Parents and Carers, March 2015;
  6. Human Rights Act 1998;
  7. Freedom of Information Act 2000;
  8. Care and Support Statutory Guidance issued under the Care Act 2014;
  9. The Cumberlege Commission Report - Safeguarding e with Confidence, 2007;
  10. Code of Canon Law.