ICO issues 10 step guide to sharing information to safeguard children and young people


19th September 2023

The Information Commissioner’s Office (“ICO”) has published a 10-step practical guide on data protection as part of the safeguarding process, aimed at people who are involved in safeguarding children: at all levels, and in all sectors in the UK, emphasising that, “Safeguarding children is everyone’s responsibility – not just practitioners in child safeguarding.”

The ICO has identified the need to improve data sharing practices in recent serious case reviews where children have been seriously harmed, and have even died, as a result of abuse or neglect and information has not passed on appropriately. Poor practices and gaps in the information shared between organisations were key contributing factors in the failures to protect children.

The new guidance aims to raise awareness of the benefits of sharing information to protect children and young people from harm, reflecting that data protection law does not prevent this. It emphasises how to go about sharing information in a fair, proportionate and lawful way and that appropriate information sharing is central to effectively safeguarding children from harm and promoting their wellbeing.

The ICO emphasises that data protection law has an enabling role, which supports information sharing and that organisations should not fear being criticised if they share information to protect children and young people at risk of serious harm.  Launching the guidance John Edwards, the UK’s Information Commissioner, said:

My message to people supporting and working with children and young people is clear: if you think a child is at risk of harm, you can share information to protect them. You will not get in trouble with the ICO for trying to prevent or lessen a serious risk or threat to a child’s mental and physical wellbeing. Data protection law helps organisations share data when required. Our guide will support senior leaders to put strong policies, systems and training in place, so their staff are encouraged and empowered to share data in an appropriate, safe and lawful way.

The ICO’s guidance is aimed at all those involved in safeguarding children, however it is particularly important for individuals working in roles such as senior leaders, managers, safeguarding leads and practitioners, volunteers, individuals working in the private sector and competent authorities who share personal information. If organisations encounter any challenges when sharing information, they should obtain advice from their Data Protection Officer and where appropriate seek legal advice.

ICO's 10-steps for sharing information

In order to safeguard children and young people, the ICO has advised organisations to:

  • Step 1: Be clear about how data protection law can help you share information to safeguard a child;
  • Step 2: Identify objectives for sharing information, and share the information needed, in order to safeguard a child;
  • Step 3: Develop clear and secure policies and systems for sharing information;
  • Step 4: Be clear about transparency and individual rights;
  • Step 5: Assess the risks and share as needed;
  • Step 6: Enter into a data sharing agreement;
  • Step 7: Follow the data protection principles;
  • Step 8: Share information using the right lawful basis;
  • Step 9: Share information in an emergency;
  • Step 10: Read the ICO’s data sharing code of practice;

For further information on each step and specific examples, you can read the ICO’s full guidance here.

The ICO will also develop guidance for specific sectors across the UK nations recognising the different legislative and policy landscapes that apply.

If you need any legal advice on the impact of this guidance, specific safeguarding and information sharing concerns or require safeguarding or other policy reviews, please get in touch with Eve Piffaretti, Partner, Trish D’Souza, Legal Director and Tomos Lewis, Legal Director.

This article had been co-written by Eve PiffarettiTrish D’Souza and Charles Collar.

Data protection training

Book a place on our BCS accredited training course

Sign up here