Information Sharing & Consent
Contents
- Introduction
- London Multi-Agency Safeguarding Data Sharing Agreement for Safeguarding & Promoting the Welfare of Children - January 2021
- Principles of Information Sharing and Consent
- What is the Legal Framework that supports information sharing?
- Consent from a Young Person (Gillick Competence and Fraser Guidelines of Consent)
Appendix 1 – Data Protection Act 2018 Principles of Information Sharing
Appendix 2 – Information Sharing Flow Chart
Introduction
In order to ensure that safeguarding decisions are made with timely, necessary and proportionate interventions and support, decision makers require full information concerning children, their parents, carers and their circumstances to be available to them. Information viewed alone or in silos is unlikely to give the full picture or identify the true risks.
All relevant information from various agencies involved in their care or support, needs to be available and accessible in one place. A Multi-Agency Safeguarding Hub (MASH) helps ensure this and aids communication between all safeguarding partners, thus ensuring that the team quickly identifies those who are subject to or at risk of harm.
Information should only be shared within the MASH for the purposes of safeguarding and promoting the welfare of children, and for the prevention and detection of related crime.
HM Government advice on Information Sharing (May 2024)
This HM Government advice outlines the importance of sharing information about children, young people and their families in order to safeguard children. It should be read alongside the statutory guidance Working together to safeguard children 2023. The advice is non-statutory and replaces the HM Government Information sharing: advice for practitioners providing safeguarding services to children, young people, parents and carers published in July 2018.
This advice focuses on the legal framework and how it supports information sharing for the purposes of safeguarding children from abuse and neglect. It does not detail the additional professional responsibilities that might apply for different practitioners. Practitioners should consider this advice alongside guidance specific to their profession or service area. For example, doctors should consider the General Medical Council guidance, ‘Protecting Children and Young People and those working in schools and colleges should consider Keeping Children Safe in Education. Other relevant guidance documents, such as the Eight Caldicott principles, and useful materials can be found in Annex B.
This document includes information and advice regarding understanding safeguarding, understanding information sharing, understanding the "lawful" basis; the complexities of information sharing and consent, and why it causes confusion and your responsibilities regarding information sharing.
London Multi-Agency Safeguarding Data Sharing Agreement for Safeguarding & Promoting the Welfare of Children - January 2021 +
Local Safeguarding Partners are responsible for ensuring that relevant information is shared in a timely and proportionate way, both within the local area and across local authority boundaries. Local Safeguarding Partnerships should promote the use of the “London Multi-Agency Safeguarding Data Sharing Agreement for Safeguarding and Promoting the Welfare of Children” which sets out the legal basis for sharing information between agencies in London.
FAQs for Sharing Data Sharing Agreements
London Multi-Agency Safeguarding Data Sharing Agreement for Safeguarding & Promoting the Welfare of Children
Data Protection Impact Statement
The Seven Golden Rules for sharing information (including personal information)
- All children have a right to be protected from abuse and neglect. Protecting a child from such harm takes priority over protecting their privacy, or the privacy rights of the person(s) failing to protect them. The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA) provide a framework to support information sharing where practitioners have reason to believe failure to share information may result in the child being at risk of harm.
- When you have a safeguarding concern, wherever it is practicable and safe to do so, engage with the child and/or their carer(s), and explain who you intend to share information with, what information you will be sharing and why. You are not required to inform them, if you have reason to believe that doing so may put the child at increased risk of harm (e.g., because their carer(s) may harm the child, or react violently to anyone seeking to intervene, or because the child might withhold information or withdraw from services).
- You do not need consent to share personal information about a child and/or members of their family if a child is at risk or there is a perceived risk of harm. You need a lawful basis to share information under data protection law, but when you intend to share information as part of action to safeguard a child at possible risk of harm, consent may not be an appropriate basis for sharing. It is good practice to ensure transparency about your decisions and seek to work cooperatively with a child and their carer(s) wherever possible. This means you should consider any objection the child or their carers may have to proposed information sharing, but you should consider overriding their objections if you believe sharing the information is necessary to protect the child from harm.
- Seek advice promptly whenever you are uncertain or do not fully understand how the legal framework supports information sharing in a particular case. Do not leave a child at risk of harm because you have concerns you might be criticised for sharing information. Instead, find out who in your organisation/agency can provide advice about what information to share and with whom. This may be your manager/supervisor, the designated safeguarding children professional, the data protection / information governance lead (e.g., Data Protection Officer), Caldicott Guardian, or relevant policy or legal team. If you work for a small charity or voluntary organisation, follow the NSPCC's safeguarding guidance.
- When sharing information, ensure you and the person or agency/organisation that receives the information take steps to protect the identities of any individuals (e.g., the child, a carer, a neighbour, or a colleague) who might suffer harm if their details became known to an abuser or one of their associates.
- Only share relevant and accurate information with individuals or agencies/organisations that have a role in safeguarding the child and/or providing their family with support, and only share the information they need to support the provision of their services. Sharing information with a third party rarely requires you to share an entire record or case-file – you must only share information that is necessary, proportionate for the intended purpose, relevant, adequate and accurate.
- Record the reasons for your information sharing decision, irrespective of whether or not you decide to share information. When another practitioner or organisation requests information from you, and you decide not to share it, be prepared to explain why you chose not to do so. Be willing to reconsider your decision if the requestor shares new information that might cause you to regard
information you hold in a new light. When recording any decision, clearly set out the rationale and be prepared to explain your reasons if you are asked.
Definitions
Personal Information/Data is:
- Information/Data which relates to a living, individual who can be identified from the data or other data/information that the organisation holds.
- Could be single elements or a combination e.g. names, addresses, occupation, date of birth etc.it could also include opinions about them and intentions towards them.
Sensitive Personal Information/Data is:
- Physical or mental health, racial or ethnic origin, political opinions, TU membership, sexual life, criminal allegations or record.
Principles of Information Sharing & Consent +
The principles set out below are intended to help practitioners working with children, young people, parents and carers share information between organisations. Practitioners should use their judgement when making decisions on what information to share and when and should follow organisation procedures or consult with their manager if in doubt. The most important consideration is whether sharing information is likely to safeguard and protect a child.
Necessary and proportionate
When taking decisions about what information to share, you should consider how much information you need to release. The Data Protection Act 2018 requires you to consider the impact of disclosing information on the information subject and any third parties. Any information shared must be proportionate to the need and level of risk.
Relevant
Only information that is relevant to the purposes should be shared with those who need it. This allows others to do their job effectively and make sound decisions.
Adequate
Information should be adequate for its purpose. Information should be of the right quality to ensure that it can be understood and relied upon.
Accurate
Information should be accurate and up to date and should clearly distinguish between fact and opinion. If the information is historical then this should be explained.
Timely
Information should be shared in a timely way to reduce the risk of harm. Timeliness is key in emergency situations and it may not be appropriate to seek consent for information sharing if it could cause delays and therefore harm to a child. Practitioners should ensure that sufficient information is shared, as well as consider the urgency with which to share it.
Secure
Information should be shared in the most secure way available. Practitioners must always follow their organisation’s policy on security for handling personal information.
Record
Information sharing decisions should be recorded whether or not the decision is taken to share. If the decision is to share, reasons should be cited including what information has been shared and with whom, in line with organisational procedures. If the decision is not to share, it is good practice to record the reasons for this decision and discuss them with the requester. Information should be kept In line with each organisation’s retention policy.
What Information can I share?
Share the information which is necessary for your purpose. It may not be necessary to give all agencies access to all the information you hold. Make sure what you provide is up to date, accurate and relevant.
When and how to share information
When asked to share information, you should consider the following questions to help you decide if and when to share. If the decision is taken to share, you should consider how best to effectively share the information.
When?
Q: Is there a clear and legitimate purpose for sharing information?
- Yes – see next question
- No – do not share information
Q: Does the information enable an individual to be identified?
- Yes – see next question
- No – you can share but should consider how
Q: Is the information confidential?
- Yes – see next question
- No – you can share but should consider how
Q: Do you have consent?
- Yes – you can share but should consider how
- No – see next question
Q: Is there another reason to share information such as to fulfil a public function or to protect the vital interests of the individual?
- Yes – you can share but should consider how
- No – do not share
Who?
- Which agencies need to be involved in the sharing?
- Who do we need information about in order to make the decision – child, parent, carer, others? Is it sensitive personal information? Do we have their consent?
How?
- Ensure you are giving the right information to the right person, and that it is shared securely.
- Identify how much information to share
- Distinguish fact from opinion
- Ensure that you are giving the right information to the right person
- Inform the individual that the information has been shared if they were not aware of this, as long as this would not create or increase risk of harm
Consent to Share Information
Check you have consent from all people whose information is to be shared unless the safeguarding concerns put the child at risk of significant harm or would prevent the child from being harmed. Ensure information shared is relevant and proportionate.
Agencies should be advised where possible to obtain consent before referring a case to the MASH Service. If this happens, individuals will have an understanding and expectation of how their information is going to be used, with whom and why. Where consent has not been obtained, reasons for this will be documented on both the agency and MASH records.
Where sensitive personal information is being shared explicit consent is expected, this may be written e.g. consent form or a clear record of verbal consent obtained stating the date, time and what information is to be held/shared.
In some cases, the work of the MASH might be obstructed if Partners were to seek consent. In such cases the disclosing Partner must consider other lawful basis for processing the information.
The decision whether or not to share information must be recorded by each partner agency.
Consider the following before sharing information - if in doubt seek advice from a manager
Consent
Do you have consent to share this information for this purpose? Consent is particularly important for sensitive personal information. The Privacy Notice (a statement that indicates consent to hold and share information see consent form) relating to the collection of information should identify the purposes for which it was collected. Does this say it would be shared? Otherwise consent should be obtained wherever possible before sharing information.
Partial Consent
Where consent has been given to share information with some, but not all, agencies, does this include the agency you want to share it with? If you do have consent, then the paragraph above applies. If you do not have consent, then the paragraph below applies.
Sharing without consent
If you are not seeking consent, the reason must be proportionate and you must weigh up the important legal duty to seek consent and the damage that might be caused by sharing the information. This should be balanced against the type and extent of any harm that might be caused (or not prevented) by seeking consent. It is good practice to obtain consent before sharing information. If consent is not obtained, the decision should always be reasonable, necessary and proportionate, and should always be recorded together with the rationale.
If the need to share is urgent, and seeking consent will lead to unjustified delay in making enquiries about allegations of significant harm to a child, or if safeguarding is paramount, take immediate action and share the information without consent, but remember to record the reason for the decision.
Sharing information when consent has been refused
There may be times when consent is sought and refused. This does not mean that information cannot be shared. The refusal of consent should be considered in conjunction with other concerns and, if it is considered justifiable, then information can and MUST be shared. If professionals consider it justifiable to override the refusal in the interests of the welfare of the child then they can do so. This decision must be proportionate to the harm that may be caused by proceeding without consent.
Public Interest
It is possible to disclose personal information without consent if this is in the defined category of “Public Interest”. The principles of the DPA [Section 2 above] would still apply in such cases.
The Public Interest Criteria include the:
- Protection of vulnerable members of the community
- Administration of justice
- Maintaining of public safety
- Apprehension of offenders
- Prevention of crime and disorder
- Detection of crime
- Protection of vulnerable members of the community
When judging the public interest, it is necessary to consider the following:
- Is the intended disclosure proportionate to the intended aim?
- What is the vulnerability of those who are at risk?
- What is the impact of disclosure likely to be on the individual to whom the shared information pertains?
- Is there another equally effective means of achieving the same aim?
- Is the disclosure necessary to prevent or detect crime and uphold the rights and freedoms of the public?
- Is it necessary to disclose the information, to protect others?
The rule of proportionality should be applied to ensure that a fair balance is achieved between the public interest and the rights of the individual’s information.
What is the Legal Framework that supports information sharing? +
The main legal framework relating to the protection of personal information is set out in:
There is no general power to obtain, hold or process information and there is no statutory power to share information. Where information is held it should be processed in accordance with the Data Protection Act principles.
However, some Acts of Parliament do give statutory public bodies express or implied statutory powers to share information under some circumstances. There are a number of pieces of legislation. Some of these are relevant to all members of the Family Safeguarding Teams. Others relate to specific organisations.
Legislation allows the lawful sharing of personal information and is covered in this guide using the following legislative frameworks.
Working Together 2023 states that:-
28. No single practitioner can have a full picture of a child’s needs and circumstances so effective sharing of information between practitioners, local organisations and agencies is essential for early identification of need, assessment, and service provision to keep children safe. Rapid reviews and child safeguarding practice reviews have highlighted that missed opportunities to record, understand the significance of, and share information in a timely manner can have severe consequences for children.
29. Practitioners should be proactive in sharing information as early as possible to help identify, assess, and respond to risks or concerns about the safety and welfare of children. This may be when problems are first emerging (for example, persistent school absences) or where a child is already known to local authority children’s social care. Sharing information about any adults with whom that child has contact, which may impact the child’s safety or welfare, is also critical.
30. Information sharing is also essential for the identification of patterns of behaviour when a child is at risk of going missing or has gone missing, including being missing from education. When multiple children appear associated to the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child’s care, it will be for local safeguarding partners to consider how they build relationships and share relevant information in a timely and proportionate way with each other, other local organisations, and other safeguarding partnerships.
31. The Data Protection Act 201812 and UK General Data Protection Regulation (UK GDPR) supports the sharing of relevant information for the purposes of keeping children safe. Fears about sharing information must not be allowed to stand in the way of safeguarding and promoting the welfare of children. To ensure effective safeguarding arrangements:
- all organisations and agencies should have arrangements in place that set out clearly the processes and the principles for sharing information. The arrangements should cover how information will be shared with their own organisation/agency and with others who may be involved in a child’s life
- practitioners should not assume that someone else will pass on information that they think may be critical to keep a child safe. If a practitioner has concerns about a child’s welfare or safety, then they should share the information with local authority children’s social care and/or the police. All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost
- UK GDPR provides a number of bases for sharing personal information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child provided that there is a lawful basis to process any personal information required. The legal bases that may be appropriate for sharing data in these circumstances could be “legal obligation” or “public task”, which includes the performance of a task in the public interest or the exercise of official authority. Each of the lawful bases under UK GDPR has different requirements13. In some circumstances, it may be appropriate to obtain consent to share data, but it is important to note that UK GDPR sets a high standard for consent which is specific, time limited and can be withdrawn (in which case the information would have to be deleted).
32. Practitioners must have due regard to the relevant data protection principles which allow them to share personal information, as provided for in the Data Protection Act 2018 and UK GDPR. To share information effectively:
- practitioners should be confident of the lawful bases and processing conditions under the Data Protection Act 2018 and UK GDPR that allow them to store and share information, including information which is considered sensitive, such as health data, known under the data protection legislation as “special category personal data”
- where practitioners need to share special category personal data, for example, where information obtained is sensitive and needs more protection, they should consider and identify the lawful basis for doing so under Article 6 of UK GDPR, and in addition be able to meet one of the specific conditions for processing under Article 9. The Data Protection Act 2018 specifies “safeguarding of children and individuals at risk” as a processing condition that allows practitioners to share information, including without consent (where in the circumstances consent cannot be given, it cannot be reasonably expected that a practitioner obtains consent or if to gain consent would place a child at risk). However, practitioners should be aware of the risks of processing special category data and be mindful that a data protection impact assessment must be completed for any type of processing which is likely to be high risk.
Practitioners should aim to be as transparent as possible by telling families what information they are sharing and with whom, provided that it is safe to do so.
Myth Busting Guide
Sharing information enables practitioners and agencies to identify and provide appropriate services that safeguard and promote the welfare of children. Below are common myths that may hinder effective information sharing:-
Data Protection legislation is a barrier to sharing information
NO. The Data Protection Act 2018 and GDPR do not prohibit the collection and sharing of personal information, but rather provides a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to sharing information about them.
Consent is needed to share personal information
NO You do not need consent to share personal information. It is one way to comply with the data protection legislation but not the only way. UK GDPR provides a number of bases for sharing personal information. It is not necessary to seek consent to share information for the purposes of safeguarding and promoting the welfare of a child provided that there is a lawful basis to process any personal information required. The legal bases that may be appropriate for sharing data in these circumstances could be ‘legal obligation’, or ‘public task’ which includes the performance of a task in the public interest or the exercise of official authority. Each of the lawful bases under UK GDPR has different requirements. It is good practice to be transparent and inform parents/carers that you are sharing information for these purposes and seek to work cooperatively with them, where it is safe to do so.
Personal information collected by one organisation / agency cannot be disclosed to another
NO This is not the case unless the information is to be used for a purpose incompatible with the purpose for which it was originally collected. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law would be a barrier to sharing personal information with other practitioners.
The common law duty of confidence and the Human Rights Act 1998 prevent the sharing of personal information
NO No, this is not the case. In addition to the Data Protection Act 2018 and GDPR, practitioners need to balance the common law duty of confidence and the Human Rights Act 1998 against the effect on individuals or others of not sharing the information
IT systems are often a barrier to effective information sharing
There are many IT systems that support the sharing of information, such as the Child Protection Information Sharing project (CP-IS). It is important that the sector continues to work with IT suppliers to ensure that their user needs around information sharing are factored into priorities for system enhancement..
Data Protection Act 2018
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
- race
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- genetics
- biometrics (where used for identification)
- health
- sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.
Data Protection Act (DPA) 2018: The principles of the DPA 2018 provide a framework within which to consider the lawful basis for sharing information under this agreement. Data Protection Act Key Principles can be read by CLICKING HERE or viewed on Appendix A at the end of this page.
Each partner agency may have a different reason for holding and processing the information it needs to fulfil its legal duties. Some common considerations have been included here, but it is impossible to cover all possible situations. Partner agencies must obtain their own assurance and be satisfied that they have a lawful basis for sharing the information they hold.
DPA Section 29 This section provides certain exemptions when personal information is used for the prevention and detection of crime and/or for the apprehension and prosecution of offenders. For example, telling individuals how their information will be processed or shared could prejudice the purpose. Note that information processed for this purpose is exempt from disclosure in response to a Subject Access Request.
Children Act 2004
Sections 10 and 11 of the Children Act 2004 place obligations upon agencies including local authorities, police, clinical commissioning groups and NHS England to co-operate with other partners in promoting the welfare of children and ensuring that they act safeguard and promote the welfare of children in their area.
Well‐being is defined by the Act as relating to a child’s:
- Physical and mental health and emotional well‐being
- Protection from harm and neglect
- Education, training and recreation
- The contribution made by them to society
- Social and economic well‐being
‘Children’ in terms of the scope of this Act means those up to the age of eighteen.
Children Act 1989
For children and young people, the nature of the information that will be shared within the MASH may fall below a statutory threshold of Section 47 (children in need of protection) or even Section 17 (children in need of services).
Crime and Disorder Act 1998
Provides a legal basis for sharing information with a relevant authority where the disclosure is necessary or expedient for the purposes of any provision of the Crime and Disorder Act 1998. Relevant authorities include: Police, Probation, Local Authorities, CCGs and certain NHS statutory bodies
Human Rights Act 1998
Gives force to the European Convention on Human Rights and, amongst other things, places an obligation on public authorities to protect people’s “right to life” and “right to be free from torture or degrading treatment”.
There needs to be a balance between the desire to share and a person’s right to privacy under “the right to respect for private and family life, home and correspondence”. The local authority cannot interfere with this right except such as is necessary in the interests of national security, public safety or for the prevention of disorder or crime, for the protection of health and wellbeing, or for the protection of the rights and freedoms of others.
The Mental Capacity Act (MCA) 2005.
Under the Mental capacity Act 2005 staff are required to apply five principles in their assessments to decide whether to share information without consent in a person’s best interests.
The MCA Code of Practice states that “it is important to balance people's right to make a decision with their right to safety and protection when they can't make decisions to protect themselves. The starting assumption must always be that an individual has the capacity, until there is proof that they do not”.
Under the Mental Capacity Act 2005 there would have to be good reasons not to undertake an assessment of mental capacity regarding the decision to share information without consent. These reasons would need to be documented carefully.
Counter-Terrorism and Boarder Security Act 2019
The Counter Terrorism and Security Act 2015 places a duty on “specified authorities” to have “due regard to the need to prevent people from being drawn into terrorism”. Specified authorities include County and District/Borough Councils, Schools; Police; National Probation Service and Community Rehabilitation Companies; NHS Trusts and NHS Foundation Trusts.
Prevent Duty Guidance
The Prevent Strategy has three specific strategic objectives:
- respond to the ideological challenge of terrorism and the threat we face from those who promote it;
- prevent people from being drawn into terrorism and ensure that they are given appropriate advice and support; and
- Work with sectors and institutions where there are risks of radicalisation that we need to address.
There is an expectation that authorities will work in partnership and share information where appropriate, for example to ensure someone at risk of radicalisation is supported.
Duty of Confidence Information shared by agencies as part of the MASH assessment process may have been gathered where a Duty of Confidence is owed. A duty of confidence arises when one person discloses information to another in circumstances where it is reasonable to expect that the information will not be further disclosed. Duty of Confidence is not an absolute bar to disclosure, as information can be shared where there is a strong enough public interest to do so.
When overriding the Duty of Confidence in the absence of consent, MASH must seek the views of the person representing the organisation that holds the Duty of Confidence and take these into account in relation to breaching the confidence. The originating Partner will be the final arbiter as to whether information is disclosed or not. The Partner may wish to seek specialist or legal advice if there is lack of clarity around justifiable disclosure of information. All disclosures must be relevant and proportionate to the intended aim of the disclosure and must be fully documented as an unjustified disclosure could lead to a claim for damages against the disclosing party.
All staff must be particularly mindful of their professional and ethical obligations and the public interest of confidence in the confidentiality of their services.
It may be necessary to seek advice on professional conduct as well as legal advice before sharing information without consent, especially for information related to the treatment of mental illness. All staff should ensure the need to protect children takes into account the children’s rights as well as those of the adults concerned. Decisions will be reported to the MASH Executive Group for periodic review.
Gillick competency and Fraser guidelines help people who work with children to balance the need to listen to the children’s wishes with the responsibility to keep them safe.
When practitioners are trying to decide whether a child is mature enough to make decisions about things that affect them, they often talk about whether the child is “Gillick competent” or whether they need the “Fraser guidelines”.
Although the two terms are frequently used together and originate from the same legal case, there are distinct differences between them.
Both Gillick competency and Fraser guidelines refer to a legal case from the 1980s which looked at whether doctors should be able to give contraceptive advice or treatment to young people under 16-years-old without parental consent.
Applying Gillick competence and Fraser Guidelines
The Fraser guidelines still apply to advice and treatment relating to contraception and sexual health. But Gillick competency is often used in a wider context to help assess whether a child has the maturity to make their own decisions and to understand the implications of those decisions. Practitioners should always encourage a child to tell their parents or carers about the decisions they are making. If they don’t want to do this, you should explore why and, if appropriate, discuss ways you could help them inform their parents or carers. For example, you could talk to the young person’s parents or carers on their behalf.
If the young person still wants to go ahead without their parents’ or carers’ knowledge or consent, you should consider the Gillick and Fraser guidelines.
Gillick Competence
Gillick competency applies mainly to medical advice but it is also used by practitioners in other settings. For example, if a child or young person:-
- Would like to have counselling or therapeutic support but doesn’t want their parents or carers to know about it.
- Is seeking confidential support for substance misuse.
- Has strong wishes about their future living arrangements which may conflict with their parents’ or carers’ views.
Medical professionals need to consider Gillick competency if a young person under the age of 16 wishes to receive treatment without their parents’ or carers’ consent or, in some cases, knowledge.
If the young person has informed their parents of the treatment they wish to receive but their parents do not agree with their decision, treatment can still proceed if the child has been assessed as Gillick competent.
Assessing Gillick Competence
There is not set of defined questions to assess Gillick competency. Professionals need to consider several things when assessing a child’s capacity to consent, including:
- The child’s age, maturity and mental capacity
- Their understanding of the issue and what it involves – including advantages, disadvantages and potential long-term impact.
- Their understanding of the risks, implications and consequences that may arise from their decision.
- How well they understand any advice or information they have been given.
- Their understanding of any alternative options, if available.
- Their ability to explain a rationale around their reasoning and decision making.
Remember that consent is not valid if a young person is pressured or influenced by someone else.
Children’s capacity to consent may be affected by different factors, for example stress, mental health conditions and the complexities of the decision they are making. The same child may be considered Gillick competent to make one decision but not competent to make a different decision.
If you don’t think a child is Gillick competent or there are inconsistencies in their understanding, you should seek consent from their parents or carers before proceeding.
In complex medical cases, such as those involving disagreements about treatment, you may wish to seek the opinion of a colleague about a child’s capacity to consent (Care Quality Commission 2019)
Young people also have the right to seek a second opinion from another medical professional (General Medical Council, 2020).
Refusal of Medical Treatment
Gillick competency can be used when young people wish to use medical treatment. However, if a young person refuses medical treatment which may lead to their death or severe permanent harm, their decision can be overruled. More information about this is available in the Guidance for Medical Professionals in each UK nation – see case history and legislation on the NSPCC website.
Child Protection Concerns
The child’s safety and wellbeing is paramount.
When you are assessing Gillick competency if you have any concerns about the safety of the young person you should check whether previous child protection concerns have been raised, and explore any factors that could put them at risk of abuse.
You must always share child protection concerns with the relevant agencies, even if this goes against a child’s wishes. (Find out more on Recognising & Responding to Abuse, NSPCC).
Fraser Guidelines
The Fraser guidelines apply specifically to advice and treatment about contraception and sexual health. They may be used by a range of healthcare professionals when working with under 16 year-olds, including doctors and nurse practitioners.
Following a legal ruling in 2006, Fraser guidelines can also be applied to advice and treatment for sexually transmitted infections and the termination of pregnancy (Axton v the Secretary of Stage for Health, 2006).
Using the Fraser guidelines
Practitioners using the Fraser guidelines should be satisfied of the following:
- The young person cannot be persuaded to inform their parents or carers that they are seeking this advice or treatment (or to allow the practitioner to inform their parents or carers).
- The young person understands the advice being given.
- The young person’s physical or mental health (or both) are likely to suffer unless they receive the advice or treatment.
- It is in the young person’s best interests to receive the advice, treatment or both without their parents’ or carers’ consent.
- The young person is very likely to continue having sex with or without contraceptive treatment.
Child Protection Concerns
When using Fraser guidelines for issues relating to sexual health, you should always consider any potential child protection concerns:
- Underage sexual activity is a possible indicator of child sexual exploitation and children who have been groomed may not realise they are being abused.
- Sexual activity with a child under 13 should always result in a child protection referral.
- If a young person presents repeatedly about sexually transmitted infections or the termination of pregnancy this may be an indicator of child sexual abuse or exploitation.
Professionals should always consider any previous concerns that may have been raised about the young person and explore whether there are any factors that may present a risk to their safety and wellbeing.
You must always share child protection concerns with the relevant agencies, even if a child or young person asks you not to.
Appendix 1 – Data Protection Act 2018 Principles of Information Sharing +
CHAPTER 2 Principles Overview and general duty of controller
(1)This Chapter sets out the six data protection principles as follows—
(a) section 35(1) sets out the first data protection principle (requirement that processing be lawful and fair);
(b) Section 36(1) sets out the second data protection principle (requirement that purposes of processing be specified, explicit and legitimate);
(c) Section 37 sets out the third data protection principle (requirement that personal data be adequate, relevant and not excessive);
(d) Section 38(1) sets out the fourth data protection principle (requirement that personal data be accurate and kept up to date);
(e) Section 39(1) sets out the fifth data protection principle (requirement that personal data be kept for no longer than is necessary);
(f) Section 40 sets out the sixth data protection principle (requirement that personal data be processed in a secure manner).
(2) In addition—
(a) Each of sections 35, 36, 38 and 39 makes provision to supplement the principle to which it relates, and
(b) Sections 41 and 42 make provision about the safeguards that apply in relation to certain types of processing.
(3) The controller in relation to personal data is responsible for, and must be able to demonstrate, compliance with this Chapter.
The first data protection principle
(1) The first data protection principle is that the processing of personal data for any of the law enforcement purposes must be lawful and fair.
(2) The processing of personal data for any of the law enforcement purposes is lawful only if and to the extent that it is based on law and either—
(a) The data subject has given consent to the processing for that purpose, or
(b) The processing is necessary for the performance of a task carried out for that purpose by a competent authority.
(3) In addition, where the processing for any of the law enforcement purposes is sensitive processing, the processing is permitted only in the two cases set out in subsections (4) and (5).
(4) The first case is where—
(a) The data subject has given consent to the processing for the law enforcement purpose as mentioned in subsection (2)(a), and
(b) At the time when the processing is carried out, the controller has an appropriate policy document in place (see section 42).
(5) The second case is where—
(a) The processing is strictly necessary for the law enforcement purpose,
(b) The processing meets at least one of the conditions in Schedule 8, and
(c) At the time when the processing is carried out, the controller has an appropriate policy document in place (see section 42).
(6) The Secretary of State may by regulations amend Schedule 8—
(a) By adding conditions;
(b) By omitting conditions added by regulations under paragraph (a).
(7) Regulations under subsection (6) are subject to the affirmative resolution procedure.
(8) In this section, “sensitive processing” means—
(a) The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership;
(b) The processing of genetic data, or of biometric data, for the purpose of uniquely identifying an individual;
(c) The processing of data concerning health;
(d) The processing of data concerning an individual’s sex life or sexual orientation.
The second data protection principle
(1)The second data protection principle is that—
(a) The law enforcement purpose for which personal data is collected on any occasion must be specified, explicit and legitimate, and
(b) Personal data so collected must not be processed in a manner that is incompatible with the purpose for which it was collected.
(2) Paragraph (b) of the second data protection principle is subject to subsections (3) and (4).
(3) Personal data collected for a law enforcement purpose may be processed for any other law enforcement purpose (whether by the controller that collected the data or by another controller) provided that—
(a) The controller is authorised by law to process the data for the other purpose, and
(b) The processing is necessary and proportionate to that other purpose.
(4) Personal data collected for any of the law enforcement purposes may not be processed for a purpose that is not a law enforcement purpose unless the processing is authorised by law.
The third data protection principle
The third data protection principle is that personal data processed for any of the law enforcement purposes must be adequate, relevant and not excessive in relation to the purpose for which it is processed.
The fourth data protection principle
(1) The fourth data protection principle is that—
(a) Personal data processed for any of the law enforcement purposes must be accurate and, where necessary, kept up to date, and
(b) Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the law enforcement purpose for which it is processed, is erased or rectified without delay.
(2) In processing personal data for any of the law enforcement purposes, personal data based on facts must, so far as possible, be distinguished from personal data based on personal assessments.
(3) In processing personal data for any of the law enforcement purposes, a clear distinction must, where relevant and as far as possible, be made between personal data relating to different categories of data subject, such as—
(a) Persons suspected of having committed or being about to commit a criminal offence;
(b) Persons convicted of a criminal offence;
(c) Persons who are or may be victims of a criminal offence;
(d) Witnesses or other persons with information about offences.
(4) All reasonable steps must be taken to ensure that personal data which is inaccurate, incomplete or no longer up to date is not transmitted or made available for any of the law enforcement purposes.
(5) For that purpose—
(a) The quality of personal data must be verified before it is transmitted or made available,
(b) In all transmissions of personal data, the necessary information enabling the recipient to assess the degree of accuracy, completeness and reliability of the data and the extent to which it is up to date must be included, and
(c) If, after personal data has been transmitted, it emerges that the data was incorrect or that the transmission was unlawful, the recipient must be notified without delay.
The fifth data protection principle
(1) The fifth data protection principle is that personal data processed for any of the law enforcement purposes must be kept for no longer than is necessary for the purpose for which it is processed.
(2) Appropriate time limits must be established for the periodic review of the need for the continued storage of personal data for any of the law enforcement purposes.
The sixth data protection principle
The sixth data protection principle is that personal data processed for any of the law enforcement purposes must be so processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures (and, in this principle, “appropriate security” includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage).
Safeguards: archiving
(1) This section applies in relation to the processing of personal data for a law enforcement purpose where the processing is necessary
(a) For archiving purposes in the public interest,
(b) For scientific or historical research purposes, or
(c) For statistical purposes.
(2) The processing is not permitted if—
(a) It is carried out for the purposes of, or in connection with, measures or decisions with respect to a particular data subject, or
(b) It is likely to cause substantial damage or substantial distress to a data subject.
42Safeguards: sensitive processing
(1) This section applies for the purposes of section 35(4) and (5) (which require a controller to have an appropriate policy document in place when carrying out sensitive processing in reliance on the consent of the data subject or, as the case may be, in reliance on a condition specified in Schedule 8).
(2) The controller has an appropriate policy document in place in relation to the sensitive processing if the controller has produced a document which—
(a) Explains the controller’s procedures for securing compliance with the data protection principles (see section 34(1)) in connection with sensitive processing in reliance on the consent of the data subject or (as the case may be) in reliance on the condition in question, and
(b) Explains the controller’s policies as regards the retention and erasure of personal data processed in reliance on the consent of the data subject or (as the case may be) in reliance on the condition in question, giving an indication of how long such personal data is likely to be retained.
(3) Where personal data is processed on the basis that an appropriate policy document is in place, the controller must during the relevant period—
(a) Retain the appropriate policy document,
(b) Review and (if appropriate) update it from time to time, and
(c) Make it available to the Commissioner, on request, without charge.
(4) The record maintained by the controller under section 61(1) and, where the sensitive processing is carried out by a processor on behalf of the controller, the record maintained by the processor under section 61(3) must include the following information—
(a) Whether the sensitive processing is carried out in reliance on the consent of the data subject or, if not, which condition in Schedule 8 is relied on,
(b) How the processing satisfies section 35 (lawfulness of processing), and
(c) Whether the personal data is retained and erased in accordance with the policies described in subsection (2)(b) and, if it is not, the reasons for not following those policies.
(5) In this section, “relevant period”, in relation to sensitive processing in reliance on the consent of the data subject or in reliance on a condition specified in Schedule 8, means a period which—
(a) Begins when the controller starts to carry out the sensitive processing in reliance on the data subject’s consent or (as the case may be) in reliance on that condition, and
(b) Ends at the end of the period of 6 months beginning when the controller ceases to carry out the processing.
Appendix 2 – Information Sharing Flow Chart +