A report issued by the Information Commissioner's Office (ICO) back in February this year highlighted the challenges independent fostering and adoption agencies are facing when looking after sensitive personal information. Specifically, the sharing of data relating to the care and wellbeing of vulnerable children.
The ICO found a number of common problems including sending information insecurely between agencies and local authorities, and between carers and agencies. There was also a general lack of awareness, training and guidance, and a failure to encrypt sensitive personal information held on mobile devices, such as laptops and memory sticks.
ICO Good Practice
John-Pierre Lamb, group manager in the ICO's Good Practice team, said at the time of the report release: "The work fostering and adoption agencies carry out is vital to helping some of the most vulnerable young people in society. Keeping their sensitive personal information secure must be recognised as an important part of this process and agencies must have the necessary safeguards in place to keep this information safe whether it's in the office, at home or on the road.
"The worst breaches of the Data Protection Act can lead to a monetary penalty of up to £500,000, but when you consider the sensitivity of the information this sector is responsible for, the human cost could be far more significant."
Meeting the 8 principles
Since the report was published, Kasper Fostering has been involved in a number of working groups to consider how we - as an Agency and a whole sector - may be able to better meet the 8 data protection principles in our work. These state that personal information must:
- be fairly and lawfully processed
- be processed for limited purposes
- be adequate, relevant and not excessive
- be accurate and up to date
- not be kept for longer than is necessary
- be processed in line with the data subjects' rights
- be secure
- not be transferred to other countries without adequate protection
Two Kasper staff members attended a working group at BAAF in March, comprising representatives from NAFP, Fostering Network and the DfE; we were one of two independent fostering providers invited to join the debate. The workshop explored common issues experienced by independent providers which included information contained within foster carer records and young people's diaries, DBS checks and confidentiality, sharing agency information and records with legal representatives, alongside overseas checks.
The Safe Network has also produced basic steps to safety, with key information on protecting children and young people's personal data. Balancing a child’s right to privacy with the need to work positively with their carers, this includes best practice advice surrounding the storage of records which includes:
- Information about concerns, allegations, and referrals should not be kept in one ‘concern log’ rather information or items relating to individuals need to be kept in separate files.
- Files containing sensitive or confidential data should be locked away and access to the keys strictly controlled.
- Access to those records needs to be limited to people in named roles who either need to know about the information in those records and/or who manage the records/files.
- If records are stored electronically then password-protect those records, which only limited staff should have access to.
BAAF and NAFP are working together to gather data in terms of current information sharing processes, and deliver training sessions to enable independent fostering agencies and the fostering and adoption sector as a whole to achieve best practice in this area.
Through our own record keeping and data protection training, policies and procedures Kasper Fostering is continuing to ensure staff, foster carers and children and young people are sharing information safely and securely. We also ensure children and young people know and understand their rights regarding personal information, and accessing their records, to know about their background and family history.