Limits of Confidentiality

Your conversation with the person disclosing

Arguably the most difficult part of handling a disclosure of abuse is navigating the fine line between respecting the child, young person or vulnerable adults’ confidentiality and your safeguarding responsibilities. Sometimes it feels impossible to ensure the best possible chance for safety whilst protecting the trust that the person has so bravely shown in you. You can yourself experience overwhelming feelings of guilt and betrayal knowing that you have no obligation but to exercise your duty of care. In order to feel absolved from these feelings, it is important to recognise that you do not have a choice; if a person has disclosed something that means they or someone else is at risk of significant harm or if a serious crime has taken place (we will look at these in a moment) then you have a duty to report.

Within your conversation, it is important to remain open, honest and transparent about the actions that you will need to take, while acknowledging the person’s worries and taking time and being patient in addressing these. By ensuring the child (and if appropriate, their family), young person or vulnerable adult is fully involved in all the conversations about your next steps, you can mitigate against losing their trust. The person may be adamant that they will refuse to speak to anyone who you make a referral to and you can spend time explaining why you need to speak to that person but you should not try to bribe or coerce the child, young person or vulnerable adult into talking to someone else if they do not want to. In time, if other professionals become involved, the person may begin to trust them and change their mind about talking further.

How do I know if a serious crime has been disclosed to me

“Serious crime” is not clearly defined in law but will include crimes that cause serious physical or psychological harm to individuals. This will certainly include murder, manslaughter, rape, treason, kidnapping, and child abuse or neglect causing significant harm and will likely include other crimes which carry a five-year minimum prison sentence but may also include other acts that have a high impact on the victim.

Consent and Information Sharing – Myth-busting guide

In 2018, the Government produced a document entitled ‘Information Sharing – Advice for practitioners providing services to children, young people, parents and carers’. This document was aimed at those working with young people but the same general principles can be applied to vulnerable adults, whilst also taking into account Mental Capacity. The full document can be found here but the most useful guidance regarding consent and information sharing is as follows:

Sharing of information between practitioners and organisations is essential for effective identification, assessment, risk management and service provision. Fears about sharing information cannot be allowed to stand in the way of the need to safeguard and promote the welfare of children and young people at risk of abuse or neglect. Below are common myths that can act as a barrier to sharing information effectively:


No – the GDPR and Data Protection Act 2018 do not prohibit the collection and sharing of personal information. They provide a framework to ensure that personal information is shared appropriately. In particular, the Data Protection Act 2018 balances the rights of the information subject (the individual whom the information is about) and the possible need to share information about them. Never assume sharing is prohibited – it is essential to consider this balance in every case. You should always keep a record of what you have shared.

No – you do not necessarily need the consent of the information subject to share their personal information. Wherever possible, you should seek consent and be open and honest with the individual
from the outset as to why, what, how and with whom, their information will be shared. You should seek consent where an individual may not expect their information to be passed on. When you gain consent to share information, it must be explicit, and freely
given. There may be some circumstances where it is not appropriate to seek consent, either because the individual cannot give consent, it is not reasonable to obtain consent, or because to gain consent would put a child or young person’s safety or well-being at risk. Where a decision to share information without consent is made, a record of what has been shared should be kept.

No – this is not the case, unless the information is to be used for a purpose incompatible with the purpose it was originally collected for. In the case of children in need, or children at risk of significant harm, it is difficult to foresee circumstances where information law
would be a barrier to sharing personal information with other practitioners.
Practitioners looking to share information should consider which processing condition in the Data Protection Act 2018 is most appropriate for use in the particular circumstances
of the case. This may be the safeguarding processing condition or another relevant provision.

No – this is not the case. In addition to the GDPR and Data Protection Act 2018, practitioners need to balance the common law duty of confidence, and the rights within the Human Rights Act 1998, against the effect on children or individuals at risk, if they do
not share the information. If information collection and sharing is to take place with the consent of the individuals involved, providing they are clearly informed about the purpose of the sharing, there
should be no breach of confidentiality or breach of the Human Rights Act 1998. If the information is confidential, and the consent of the information subject is not gained, then practitioners need to decide whether there are grounds to share the information without
consent. This can be because it is overwhelmingly in the information subject’s interests for this information to be disclosed. It is also possible that a public interest would justify disclosure of the information (or that sharing is required by a court order, other legal obligation or statutory exemption). In the context of safeguarding a child or young person, where the child’s welfare is paramount, it is possible that the common law duty of confidence can be over overcome. Practitioners must consider this on a case-by-case basis.

Flowchart of when and how to share information

The seven golden rules to sharing information

It is very important that safeguarding decisions are taken collaboratively (we will look at the importance of Partnership Working later) and if you have received a disclosure, you should seek support and take advice and this can be done anonymously if needs be. The Government helpfully also produced a list of seven ‘golden rules’ to help you approach information sharing with confidence:

  1. Remember that the General Data Protection Regulation (GDPR), Data Protection Act 2018 and human rights law are not barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately.
  2. Be open and honest with the individual (and/or their family where appropriate)
    from the outset about why, what, how and with whom information will, or could be
    shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
  3. Seek advice from other practitioners, or your information governance lead, if you
    are in any doubt about sharing the information concerned, without disclosing the
    identity of the individual where possible.
  4. Where possible, share information with consent, and where possible, respect
    the wishes of those who do not consent to having their information shared. Under the
    GDPR and Data Protection Act 2018 you may share information without consent if, in
    your judgement, there is a lawful basis to do so, such as where safety may be at risk.
    You will need to base your judgement on the facts of the case. When you are sharing
    or requesting personal information from someone, be clear of the basis upon which you
    are doing so. Where you do not have consent, be mindful that an individual might not
    expect information to be shared.
  5. Consider safety and well-being: base your information sharing decisions on
    considerations of the safety and well-being of the individual and others who may be
    affected by their actions.
  6. Necessary, proportionate, relevant, adequate, accurate, timely and secure:
    ensure that the information you share is necessary for the purpose for which you are
    sharing it, is shared only with those individuals who need to have it, is accurate and up to date, is shared in a timely fashion, and is shared securely.
  7. Keep a record of your decision and the reasons for it – whether it is to share
    information or not. If you decide to share, then record what you have shared, with
    whom and for what purpose.