information sharing december 2014. conwy and denbighshire local service board betsi cadwaladr...
TRANSCRIPT
Conwy and Conwy and DenbighshireDenbighshire
Local Service BoardLocal Service Board Betsi Cadwaladr University Local
Health Board Community & Voluntary Support
Conwy Community Housing Cymru
(Cartrefi Conwy currently representing other registered social landlords)
Conwy County Borough Council
Denbighshire County Council
Denbighshire Voluntary Service Council
Grŵp Llandrillo Menai Natural Resource Wales North Wales Fire & Rescue North Wales Police Public Health Wales Snowdonia National Park
Authority Welsh Government
Why is information Why is information sharing so important?sharing so important?
Baby P Lord Laming report (Victoria Climbie /
Sohame)
Report identified 5 positive outcomes: Be healthy Stay safe Enjoy and achieve Make a positive contribution Achieve economic well-being
How can this be How can this be achieved?achieved?
Practitioners need to work together
Intervene earlier
Have the tools to enable them to do this
Lawful Information sharing is one important tool
This toolkit has been developed to enable
partners to achieve this
Information Sharing…Information Sharing…
Importance of inter-agency information sharing Lord Laming report in the Baby P case – almost
all serious case reviews conclude the child has been ‘let down’ by a failure to share information.
Professor Munro Review of Child Protection – A Child Centered System, now advocating that a one size fits all approach is not the way forward. Local innovation and inter agency working, with less systems not more!
Munro Report & Central Munro Report & Central Government Response:Government Response:
““Effective information sharing between agencies is essential if children and young people are to receive the help they need.”
Central Government agrees with Professor Munro that information which could help to protect children is not always appropriately shared between key professionals and agencies.
Decisions about what information to share, and when to share it, can require difficult and complex judgments. Having additional data and IT systems does not always make these decisions easier.
Welsh GovernmentWelsh Government
Sharing Personal Information (SPI) programme.
Welsh Accord on Sharing Personal Information (WASPI) Framework
Scottish Accord on Sharing Personal Information (SASPI) Framework
Wales Accord on the Wales Accord on the Sharing of Personal Sharing of Personal InformationInformation(WASPI)(WASPI)
What Is WASPI?What Is WASPI?
A framework for organisations to share personal identifiable information between them, in a lawful and intelligent way
It is for the routine, agreed and regular sharing of personal information, for a specified purpose and for the benefit of individuals – not for ad-hoc requests
It is not for intra-organisational sharing or for the sharing of aggregated, de-personalised or anonymised information
Provides a practical approach to working together
Who is WASPI for?Who is WASPI for?
For organisations involved in the protection, safety, health, education and social welfare of the people in Wales
This includes statutory, private and voluntary sector organisations
A Practical Approach to Information Sharing
WASPI and SPIWASPI and SPI
How Does WASPI Link Into The Welsh Government’s Sharing Personal Information programme?
Key element of the Sharing Personal
Information Sharing Programme (SPI)
The ‘single’ information sharing framework for
Wales
Benefits of WASPIBenefits of WASPI
What are the Benefits Of Using WASPI?
• Provides Service Users with an improved service• Encourages safe, secure and relevant information sharing • Helps to overcome legal complexities and misunderstandings• Provides compliance with the Information Commissioner’s Data
Sharing Code of Practice and other recognised standards• Helps promote the need for regular sharing between public
service organisations• Helps guide Practitioners and staff around the information they
can and cannot share – provides confidence• ‘Once for Wales’ – reduces duplication of effort
WASPIWASPI
Has your organisation signed up to the Accord?
By signing the Accord, you will have agreed to:
Work to a common approach for the sharing of personal information with other public and voluntary sector organisations;
Develop supporting local Information Sharing Protocols (ISP) using the WASPI template and guidance;
Raise staff awareness regarding the organisation’s responsibilities.
The latest version of the WASPI guidance and supporting documentation, can be accessed at www.waspi.org
WASPIWASPI
What Is An Information Sharing Protocol (ISP)?
An ISP documents the:
• processes for sharing personal information• specific purposes served• people it impacts upon• relevant legislative powers• information that is to be shared and with whom• consent process involved • operational procedures• process for review
Plus posters containing key messages from the guidance, an updated set of training materials and a set of ‘How To…’ guides.
Information Sharing Guidance: Information Sharing Guidance: ProductsProducts
What is Information What is Information Sharing?Sharing?
1.1. Systematic routine personal information sharing between organisations that is shared for an established purpose.
OR
2. Exceptional, one off decisions to share data for any range of purposes.
Powers to share for Powers to share for Public AuthoritiesPublic Authorities
Is there an express legal power to share? These are referred to as ‘gateways’ and are usually very specific.
If not, is there an implied legal power to share? Often the legislation regulating a public body’s activities is silent on the issue of data sharing. Is the sharing reasonably incidental to the express power permitting the activity?
The question to ask is do I have the power to share? SEE GATEWAY TABLE IN THE TOOLKIT
Human Rights Act and Human Rights Act and Right to have Privacy Right to have Privacy RespectedRespected
Must be Human Rights compliant
Article 8 is NOT an absolute right it is ‘The right to respect for his private and family life, his home and his correspondence’
This is especially relevant to sharing personal data
As it is not an absolute right, public authorities are permitted to interfere with it, if it is lawful and proportionate to do so
Data Protection Act Data Protection Act 19981998
The DPA is NOT a barrier to sharing information - it is a framework for appropriate sharing.
The disclosure must comply with the DPA Schedules 2 and 3 of the Act apply Are the conditions for processing (e.g. sharing)
satisfied? Personal data – schedule 2 Sensitive personal data – schedule 2 and 3 DPA exemptions allowing disclosure
ICO Data Sharing ICO Data Sharing Code of PracticeCode of Practice
Factors to consider: What is the sharing meant to achieve?
What information needs to be shared?
Who requires access to the shared personal data?
When should it be shared?
How should it be shared?
How can we check the sharing is achieving its objectives?
What risk does the data sharing pose?
Could the objective be achieved without sharing the data or by anonymising it?
Will I need to update my notification?
Systematic Data Systematic Data SharingSharing
Data Sharing Checklist – Systematic Data Sharing
Scenario: You want to enter into an agreement to share personal data on an ongoing basis
Is the sharing justified?
Key points to consider:
What is the sharing meant to achieve? Have you assessed the potential benefits and risks to
individuals and/or society of sharing or not sharing? Is the sharing proportionate to the issue you are
addressing? Could the objective be achieved without sharing
personal data?
Systematic Data Systematic Data SharingSharing
Do you have the Power to Share?
Key points to consider: The type of organisation you work for Any relevant functions or powers of your
organisation The nature of the information you have been
asked to share (for example was it given in confidence?)
Any legal obligation to share information (for example a statutory requirement or a court order)
Systematic Data Systematic Data SharingSharing
If you Decide to Share Data –
It is good practice to have a data sharing agreement in place. Speak to your WASPI Facilitator
In addition to considering the key points above, your data sharing agreement should cover the following issues:
What information needs to be shared The organisations that will be involved What you need to tell people about the data sharing and how you will
communicate that information Measures to ensure adequate security is in place to protect the data What arrangements need to be in place to provide individuals with access to
their personal data if they request it Agreed common retention periods for the data Processes to ensure secure deletion takes place
Data Sharing – One Data Sharing – One Off RequestsOff Requests
Scenario: You are asked to share personal data relating to an individual in ‘one off’ circumstances.
Is the sharing justified?
Key points to consider: Do you think you should share the information? Have you assessed the potential benefits and risks to
individuals and/or society of sharing or not sharing? Do you have concerns that an individual is at risk of serious harm? Do you need to consider an exemption in the DPA to
share?
One Off RequestsOne Off Requests
Do you have the power to share?
Key points to consider:
The type of organisation you work for Any relevant functions or powers of your
organisation. The nature of the information you have been asked
to share (for example was it given in confidence?) Any legal obligation to share information (for
example a statutory requirement or a court order)
One Off RequestsOne Off Requests
If you Decide to Share
Key points to consider: What information do you need to share?
• Only share what is necessary
• Distinguish fact from opinion
How should the information be shared?
• Information must be shared securely
• Ensure you are giving information to the right person
Consider whether it is appropriate/safe to inform the individual that you have shared their
information
One Off RequestsOne Off Requests
Recording your Decision
Record your data sharing decision and your reasoning –whether or not you shared the information
If you share information you should record:
What information was shared and for what purpose Who it was shared with When it was shared Your justification for sharing Whether the information was shared with or without
consent.
One Off RequestsOne Off Requests
“An Information Sharing Protocol is not a useful tool for managing the ad hoc
information sharing which all practitioners find necessary. Most importantly it is not intended
to be a substitute for professional judgment which an experienced practitioner will use in
those cases and should not be used to replace that judgement”
Information Commissioners Officer