Toggle Contrast

Multi-agency information sharing and assessment – Merton children’s services

As Merton Safeguarding Children Partnership and its member agencies are signatories to the London Child Protection Procedures (LCPP) we follow LCPP’s Information Sharing Guidance.

Effective sharing of information between practitioners and agencies is essential for the early identification and assessment of need or risk and the provision of services to safeguard and promote the welfare of children. Child Safeguarding Practice Review, formally Serious case reviews (SCRs) have frequently highlighted that where information about need and risk isn’t shared in a timely manner, they can go unrecognised or be under-estimated. Consequently, actions required to safeguard and promote the welfare of children was not taken. 

Practitioners should be proactive in sharing information, whether this is when problems are first emerging, or where a child is already known to local authority children’s social care (e.g. they are being supported as a child in need, have a child protection plan or are Children Looked After, including those children placed in Merton from another borough). Practitioners should be aware of the need to share information about other children and any adults with whom that child has contact, which may impact the child’s safety or welfare.  

Information sharing is essential for the identification of patterns of behaviour when a child has gone missing, when multiple children appear to be associated with the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child’s care. 

The statutory guidance in section 10 of the Children Act 2004 makes it clear that effective information sharing supports the duty to co-operate to improve the well-being of children. 

Local authorities and partner agencies are advised to rely on ‘legal obligation’ and ‘public task’, as defined in the Data Protection Act 2018, as the lawful basis to process any personal information required to establish whether there is a need to safeguard or promote the welfare of a child. The Data Protection Act 2018 incorporates the General Data Protection Regulations (GDPR) into British law (Data Protection Act 2018 ( and include seven golden rules to information sharing. 

This guidance does not make reference to the sharing of information by consent. The reason for this is that the definition of consent set out within the Data Protection Act 2018 is specific and time limited, i.e. would not allow for information that had been shared to be used for any other purpose nor retained by the recipient [1] 

For more information please see chapter 1 of Working Together 2018, pages 18-20 and the Final London MAS DSA 2021.

[1] GDPR defines consent narrowly because it was primarily concerned with limitations of data sharing for commercial purposes. It is no longer a satisfactory basis for sharing information for the purposes of promoting the wellbeing of or safeguarding children.


– For advice for practitioners providing safeguarding services to children, young people, parents and carers please see – Information Sharing (PDF)

–  For more information on the Children and Families Hub please see – Children and Families Hub (formerly known as the MASH) Webpage

– For more information on Effective Support for Families please see –


The seven golden rules to sharing information

  1. Remember that the General Data Protection Regulation (GDPR), Data Protection Act 2018 and human rights law are not barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately.
  2. Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.
  3. Seek advice from other practitioners, or your information governance lead, if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible.
  4. Where possible, share information with consent, and where possible, respect the wishes of those who do not consent to having their information shared. Under the GDPR and Data Protection Act 2018 you may share information without consent if, in your judgement, there is a lawful basis to do so, such as where safety may be at risk. You will need to base your judgement on the facts of the case. When you are sharing or requesting personal information from someone, be clear of the basis upon which you are doing so. Where you do not have consent, be mindful that an individual might not expect information to be shared.
  5. Consider safety and well-being: base your information sharing decisions on considerations of the safety and well-being of the individual and others who may be affected by their actions.
  6. Necessary, proportionate, relevant, adequate, accurate, timely and secure: ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely (see principles).
  7. Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.