Multi-agency information sharing and assessment – Merton children’s services
Effective sharing of information between practitioners and agencies is essential for the early identification and assessment of need or risk and the provision of services to safeguard and promote the welfare of children. Serious case reviews (SCRs) have frequently highlighted that where information about need and risk isn’t shared in a timely manner, they can go unrecognised or be under-estimated. Consequently, actions required to safeguard and promote the welfare of children was not taken.
Practitioners should be proactive in sharing information, whether this is when problems are first emerging, or where a child is already known to local authority children’s social care (e.g. they are being supported as a child in need, have a child protection plan or are looked after). Practitioners should be aware of the need to share information about other children and any adults with whom that child has contact, which may impact the child’s safety or welfare.
Information sharing is essential for the identification of patterns of behaviour when a child has gone missing, when multiple children appear to be associated with the same context or locations of risk, or in relation to children in the secure estate where there may be multiple local authorities involved in a child’s care.
The statutory guidance in section 10 of the Children Act 2004 makes it clear that effective information sharing supports the duty to co-operate to improve the well-being of children.
Local authorities and partner agencies are advised to rely on ‘legal obligation’ and ‘public task’, as defined in the Data Protection Act 2018, as the lawful basis to process any personal information required to establish whether there is a need to safeguard or promote the welfare of a child. The Data Protection Act 2018 incorporates the General Data Protection Regulations (GDPR) into British law.
This guidance does not make reference to the sharing of information by consent. The reason for this is that the definition of consent set out within the Data Protection Act 2018 is specific and time limited, i.e. would not allow for information that had been shared to be used for any other purpose nor retained by the recipient 
For more information please see chapter 1 of Working Together 2018, pages 18-20 and Part B 1 General Practice Guidance, section 4 of the London Child Protection Procedures.
 GDPR defines consent narrowly because it was primarily concerned with limitations of data sharing for commercial purposes. It is no longer a satisfactory basis for sharing information for the purposes of promoting the wellbeing of or safeguarding children.