Knowsley Information Sharing Charter

SCOPE OF THIS CHAPTER

This chapter fully details the importance and practice of appropriate information sharing and the issues around balancing this with confidentiality. The chapter includes the Tier 2 – Information Sharing Agreement (see Appendix A: Information Sharing Charter). A link to the DfE statutory guidance is also provided.

RELEVANT GUIDANCE

Information sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers (DfE, 2018).

AMENDMENT

This chapter was updated in December 2017 by adding a new Appendix A: Information Sharing Charter. This contains a section highlighting the Objectives of the Charter, Guiding Principles and Freedom of Information, as well as the Tier 2 Information Sharing Agreement (between the partners).

1. Introduction

The appropriate exchange of information is essential to deliver effective and efficient services for our citizens, to meet their needs and ensure their welfare and protection. However, there is a balance between the need to share sufficient information to deliver effective services and preserving the privacy of the individual.

To assist understanding and the application of effective information sharing it is helpful to have locally documented clarity about how legal constraints 'fit' with practice guidelines, identifying what can and cannot be shared with whom, how and for what purposes.

This Charter provides a framework for the effective and secure sharing of information in accordance with legal requirements, ethical boundaries and good practice. It will ensure transparency of information governance practices, assist the documenting of information sharing decisions and actions to ensure they are auditable, and raise awareness of the legal and ethical boundaries around information disclosure and the rules and methods for accessing data.

The Charter is based on the Two Tier Model for Information Sharing, which requires that Information Sharing be considered at two levels of complexity: a higher level 'Charter' which establishes the principles and standards for information sharing; and a second level agreement which agrees the purposes for which information will be shared and the legal gateways by which information can and will be shared and with whom.

The Charter does not impose new obligations on signatory organisations, but reflects current regulations and legislation for the sharing of personal information, and builds on existing partnerships.

(See also DfE, Information sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers (2018)).

2. Objectives of the Charter

The signatories to this Charter recognise the importance of sharing information effectively and securely for the purposes of delivering and improving outcomes for the citizens and communities we serve.

Through this Charter the signatories aim to achieve consistent and good practice for the sharing of personal information by:

  • Providing signatory organisations and those acting on their behalf with clear guidelines to follow for the secure and confidential sharing of personal information in accordance with legal requirements;
  • Informing citizens why personal information about them may need to be shared between signatory organisations, and how that information will be shared and used.

3. Our Commitment

As a signatory organisation we are committed to ensuring that the identifiable personal information we collect, hold and use will be processed in accordance with legislation, best practice and the expectations of citizens, to meet and ensure security and confidentiality requirements. We will ensure we adhere to and comply with key legislation including the Data Protection Act 2018, Freedom of Information Act 2000, Common Law Duty of Confidentiality and Human Rights Act 1998. This Charter sets out the principles and minimum standards that will underpin the processing and exchange of personal information.

4. Designated Officer

As a signatory organisation we must have in place a Designated Officer, responsible for approving and monitoring the processing of personal information in accordance with the Knowsley Information Sharing Charter.

For Health organisations this will be the Caldicott Guardian, for signatory organisations signed up to Public Service Networks it will be the Senior Information Risk Officer and for Social Care organisations this will be the Caldicott Guardian and the Senior Information Risk Officer. For all other organisations it will be a senior officer with responsibility for information governance nominated by the Chief Executive or equivalent.

5. The Principles Guiding the Sharing of Information

As a signatory organisation we will work to:

  1. Support and promote the accurate, timely, secure and confidential sharing of both person identifiable and anonymous information in accordance with our legal, statutory and common law duties, and the requirements of this Charter and other additional guidance as notified to us;
  2. Ensure a copy of the Charter and the identity of the Designated Officer are clearly and widely promoted across the organisation and available to all;
  3. Have in place effective policies and procedures to meet our responsibilities for the secure and confidential sharing of information, aligned to statutory requirements and this Charter;
  4. Ensure that all employees and those acting on our behalf are aware of, understand and comply with their responsibilities for information security and confidentiality through appropriate promotion, training, monitoring and enforcement;
  5. Ensure all our data meets the high standards identified in the Audit Commission's "Improving information to support decision making: standards for better quality data", November 2007, and any locally agreed protocols.

When sharing information we will endeavour to ensure that:

  1. Individuals are fully informed about the information held about them and how it will be used and shared (see Section 8, Individuals' Rights);
  2. Information will be shared with consent, except where statutory requirements or common law principles support the disclosure or withholding of information;
  3. Information is only shared when and where it is necessary and justified for a lawful and specified purpose. Knowsley sharing agreement purposes are divided into the 10 key outcomes identified in Section 6, Tier 2 - Information Sharing Agreements. Each purpose for sharing information should fall into one of these outcomes through the priorities within the council;
  4. Only the minimum identifiable information that is required for the purpose is shared. The information shared should be relevant, proportionate and not excessive for the specified purpose, and be defined by the appropriate Tier 2 Agreement (see Appendix A: Information Sharing Charter);
  5. Wherever possible statistical or aggregated and anonymous information is provided, to eliminate the risk of individuals being identified;
  6. Information is clearly identified as being fact, opinion, or a combination of the two;
  7. Information is kept and shared safely and securely, with appropriate safeguards in place to ensure only individuals with a legitimate right have access to it, preventing accidental or deliberate unauthorised access.
    1. All transfer of personal information between organisations signing this charter MUST be carried out using one of the following encrypted email systems:
      • Criminal Justice Secure Network (CJSN);
      • GCSx (GC Mail);
      • PNN;
      • CJIT;
      • NHS.net;
      • Egress.
      In exceptional circumstances, if arrangements are required that are different to these, whether transferring information electronically or original documentation, you must first speak to your service Information Asset Administrator and must always work within the guidelines set out within the Sending Out Procedure. If original documentation is to be transferred consideration should also be given to retaining a copy, storage, retention and secure disposal procedures identified below. This must all be agreed within the tier 2 sharing agreement between all participating signatory organisations;
    2. All personal information transferred MUST be stored in a secure network location with access limited to the named officers within the participating organisations signed up to the Tier 2 sharing agreement. Personal information from the secure location must only be transferred to any other location with prior authorisation of the owner of the personal information.
  8. Information must be managed in line with agreed retention periods. Knowsley Council's retention periods are available on Bertha. Information no longer needed for legal or administration requirements is disposed of in a safe and appropriate manner;
    1. If this includes hard copies, it is agreed that this will be by cross-cut shredding or by using the confidential waste bins provided.
  9. The capacity of a data subject, including children and vulnerable adults, to exercise their right to provide or refuse consent will be considered on an individual case by case basis; and
  10. Considerations of confidentiality and privacy will not automatically cease on death.

6. Tier 2 - Information Sharing Agreements

Each Agreement describes the common contexts and shared objectives between signatory organisations delivering services of a similar scope, defines the type of information to be shared, the purposes for which it can be shared, and the underpinning legislation and the associated duties and powers that enable legally justifiable exchanges of information for that purpose based on the principles and standards set out in the Charter.

Ten template sharing agreements have been developed where the majority will be pre-populated to make them more 'user friendly' to the end user. Each agreement will identify the purpose via one of the ten key outcomes of Knowsley Council:

  1. Empowered, resilient, cohesive communities;
  2. Quality infrastructure and environment;
  3. Safe, attractive, sustainable neighbourhoods;
  4. Creating more jobs in the city region for Knowsley people;
  5. More Knowsley residents get into and progress in work;
  6. Narrowing the inequality gap;
  7. Improved outcomes for our most vulnerable young people;
  8. Everybody has the opportunity to have the best health and wellbeing throughout their life;
  9. People are protected from risks that can affect their health and wellbeing;
  10. More people look after themselves and support others to do the same.

Through this purpose a legal gateway will be identified, leaving only the information to be shared and the recipients of the information to be identified.

Tier 2 Protocols will be signed on behalf of signatory organisations by Directors, senior managers or equivalent.

7. Signatory Organisations to this Charter

A list of the organisations that have signed up to this Charter, and have agreed to adopt the principles and standards set out in the overarching Policy and the supporting Protocol and agreements, is available on the Knowsley Council website (www.knowsley.gov.uk).

8. Individuals' Rights

Each organisation must ensure that they have adequate notification and Privacy Notices in place to ensure their data subjects (people to whom the information relates) would reasonably expect this sharing to take place. A privacy notice should be used when personal information is collected from the public and should explain what their personal information is to be used for and who it will be shared with.

Each signatory organisation must risk assess the Privacy Impact of the sharing of personal information and must not sign this charter and must not share personal information until they have in place controls to mitigate these risks.

The Principles of the Data Protection Act must be followed at all times, including the rights afforded to data subjects under principle 6 and Section 7. If a subject access request is received, the signatory organisation to whom the personal information belongs will deal with the request under its usual procedures.

9. Freedom of Information

The Freedom of Information Act 2000 and Environmental Information Regulations 2004 give a general right of access to the information public authorities hold. Any requests for information in relation to the Charter must be passed to the signatory organisation's Freedom of Information Officer to deal with. In signatory organisations not subject to the Act or Regulations the request must be passed to Knowsley Council's Data Protection Team.

Requests for copies of the Charter will be directed to Knowsley Council where the Knowsley Information Sharing Charter is proactively published on their website (www.knowsley.gov.uk).

Requests for Tier 2 Agreements will be considered on a case by case basis by the signatory organisation to the Agreement, as they will include sensitive information, which could compromise the procedures in place for the security and protection of the personal information.

10. Complaints

A complaint from a data subject or their representative about information held under the terms of this Charter will be investigated first by the signatory organisation receiving the complaint.

Where a complaint identifies that any part of the Charter needs to be reviewed, this action must be taken by the Knowsley Council Information Governance Group.

For statutory complaints please refer to the Knowsley Council website (www.knowsley.gov.uk) under the comments and complaints page for the formal process.

11. Monitoring and Review

As a signatory to the Charter we agree to support the Knowsley Council Information Governance Group with the monitoring and annual review of the Charter and associated Tier 2 Agreements.

If the sharing under this Charter or associated Tier 2 Agreements is not effective, then the sharing can be terminated by either party in writing.

12. Knowsley Council Information Governance Group

The Knowsley Council Information Governance Group is a group within Knowsley Council consisting of the Information Asset Owners or their nominated representatives across the council. This group will have overall responsibility for the upkeep of this Charter.

13. Sanctions for Failure to Comply

Signatories must be sufficiently senior to give assurances that their organisation is compliant with all the requirements identified in this charter and Tier 2 agreement and that any non-compliance will be reported and handled by the appropriate function (e.g. HR) under their normal disciplinary processes.

For failure to comply with the requirements of this charter or Tier 2 agreement a review will take place to determine what actions will need to be undertaken.

14. Partnership Undertaking

As a signatory to the Charter we accept that the principles laid down in this document will provide a secure local framework between the signatory organisations for the secure sharing of personal information in a manner compliant with statutory and professional responsibilities.

On behalf of the organisation I represent, I confirm that we will undertake to comply with all relevant legislation and requirements relating to confidentiality, safe information sharing and disclosure, appropriate storage and destruction of information.

  1. Implement and adhere to the standards and principles set out in this Charter whenever exchanging personal information, both with co-signatories and other organisations;
  2. Ensure that all Protocols and Procedures established for the sharing and confidentiality of information are consistent with this Charter;
  3. Co-operate, as far as is compatible with existing statutory responsibilities, with other signatories to ensure effective information sharing and reduce duplication.

Signatories


Appendix A: Information Sharing Charter
