Can I Share Information If I Am Worried About Someone?
One of the most common questions people ask when faced with a safeguarding concern is:
"Am I allowed to share this information?"
Many people worry about:
- Breaching confidentiality.
- Breaking trust.
- Violating data protection laws.
- Getting into trouble.
- Sharing information incorrectly.
- Making the wrong decision.
These concerns are understandable.
However, uncertainty about information sharing can sometimes prevent people from seeking help when someone may be at risk.
The purpose of this guide is to explain how safeguarding and information sharing work together and why appropriate information sharing can be an important part of keeping people safe.
Safeguarding and Information Sharing
Safeguarding often depends upon people sharing concerns appropriately.
Without information sharing:
- Risks may go unnoticed.
- People may not receive support.
- Opportunities for intervention may be missed.
- Harm may continue.
- Organisations may be unable to fulfil their safeguarding responsibilities.
Good safeguarding is not about sharing everything.
It is about sharing the right information, with the right people, at the right time, for the right reasons.
Myth: "GDPR Means I Can't Share Information"
This is one of the most common misconceptions.
The UK General Data Protection Regulation (UK GDPR) and Data Protection Act do not prevent organisations from sharing information where there is a legitimate and lawful reason to do so.
In fact, data protection legislation specifically recognises circumstances where information sharing may be necessary to:
- Protect individuals.
- Prevent harm.
- Safeguard children.
- Safeguard adults at risk.
- Meet legal obligations.
- Perform public functions.
- Protect life and safety.
The question is usually not:
"Can information be shared?"
but rather:
"Should information be shared, with whom and for what purpose?"
Myth: "I Need Consent Before Sharing Safeguarding Concerns"
Not always.
Consent is one lawful basis for processing information, but it is not the only one.
There are circumstances where safeguarding concerns can and should be shared without consent.
Examples may include:
- Concerns about a child.
- Risk of serious harm.
- Risk to life.
- Abuse or exploitation.
- Significant safeguarding concerns.
- Risks to others.
Where possible, individuals should be informed about information sharing decisions, but consent is not always required.
What Makes Information Sharing Lawful?
Information sharing decisions should always be:
✓ Necessary.
✓ Proportionate.
✓ Relevant.
✓ Accurate.
✓ Timely.
✓ Secure.
The University should only share information that is required to achieve a legitimate safeguarding purpose.
Understanding Legitimate Interests
Legitimate Interests is one of the lawful bases for processing personal information under data protection legislation.
In simple terms, it allows organisations to process information where there is a genuine and legitimate reason to do so, provided that the individual's rights and freedoms are appropriately considered.
Examples may include:
- Managing safeguarding concerns.
- Supporting student welfare.
- Assessing risks.
- Protecting individuals from harm.
- Maintaining safe learning environments.
Before relying on Legitimate Interests, organisations should consider:
Is there a legitimate purpose?
Is the information sharing necessary?
Does the benefit outweigh any privacy impact?
This balancing exercise helps ensure decisions remain fair and proportionate.
Understanding Vital Interests
Vital Interests relates to situations where information sharing may be necessary to protect someone's life or prevent serious harm.
Examples may include:
- A medical emergency.
- Immediate risk of suicide.
- Serious self-harm concerns.
- Immediate safeguarding risks.
- Situations where a person cannot protect themselves.
Where there is an immediate risk to life or safety, protecting the individual will usually take priority.
Understanding Public Task
Universities carry out a range of responsibilities that are considered to be in the public interest.
This is often referred to as a Public Task.
Examples may include:
- Supporting student welfare.
- Managing safeguarding concerns.
- Protecting children and adults at risk.
- Maintaining safe learning environments.
- Managing risks to the university community.
Information may sometimes be processed or shared because it is necessary for the University to fulfil these responsibilities.
Safeguarding Information Sharing
Safeguarding information sharing is often different from routine information sharing.
The focus is not simply on privacy.
It is about balancing:
- Privacy rights.
- Safety.
- Wellbeing.
- Protection from harm.
Sometimes safeguarding concerns only become apparent when information from different sources is considered together.
For example:
- A welfare concern.
- A disclosure.
- Attendance concerns.
- Accommodation concerns.
- Reports from friends or family.
Individually these concerns may appear minor.
Together they may indicate a safeguarding risk.
Information Sharing Within the University and External Referrals
It is important to distinguish between:
Raising a safeguarding concern
and
Making an external safeguarding referral
Most staff, students and volunteers are not expected to make safeguarding referrals directly to external agencies on behalf of the University.
Instead, concerns should normally be referred to the University's safeguarding team, who will:
- Assess the concern.
- Undertake a risk assessment.
- Consider safeguarding thresholds.
- Review relevant information.
- Determine whether external referral is necessary.
- Ensure information sharing is lawful, necessary and proportionate.
- Maintain appropriate records and oversight.
This helps ensure that safeguarding concerns are managed consistently, fairly and appropriately.
Why Is Safeguarding Oversight Important?
Safeguarding decisions are often complex and may have significant implications for:
- The individual concerned.
- Other people involved.
- Ongoing university processes.
- Data protection obligations.
- External investigations.
- Professional suitability processes.
- Regulatory requirements.
For this reason, decisions regarding external information sharing should normally be coordinated through the University's safeguarding arrangements.
This ensures that:
✓ Relevant information is considered.
✓ Risks are assessed appropriately.
✓ Decisions are consistent.
✓ Information sharing is lawful and proportionate.
✓ Appropriate records are maintained.
✓ Individuals receive appropriate support.
Who Might Information Be Shared With?
Where necessary and appropriate, the University may share information with:
- Safeguarding professionals.
- Student support services.
- Accommodation teams.
- Academic colleagues.
- Human Resources.
- Health professionals.
- Children's Services.
- Adult Social Care.
- Police.
- Local Authority Designated Officers (LADO).
- Position of Trust (PiPoT) safeguarding arrangements.
- Other safeguarding partners.
Information should only be shared with people who have a legitimate need to know.
What Does "Need to Know" Mean?
Not everyone needs access to safeguarding information.
A need-to-know approach means information is only shared with individuals who require it to:
- Assess risk.
- Provide support.
- Manage safeguarding concerns.
- Fulfil professional responsibilities.
This helps protect privacy while ensuring people receive appropriate support.
When Should Staff Refer Concerns Internally?
If you are concerned about:
- A student's welfare.
- A member of staff's safety.
- Abuse or neglect.
- Domestic abuse.
- Sexual misconduct.
- Self-harm.
- Suicidal thoughts.
- Child safeguarding concerns.
- Adult safeguarding concerns.
- Exploitation.
- Significant vulnerability.
You should normally:
✓ Raise the concern through the University's safeguarding process.
✓ Seek advice from the safeguarding team.
✓ Record relevant information.
✓ Allow safeguarding professionals to coordinate any external referrals where required.
Emergency Situations
There may be circumstances where immediate action is required to protect life or prevent serious harm.
Examples may include:
- An immediate threat to life.
- A suicide attempt in progress.
- A serious medical emergency.
- A person requiring urgent emergency intervention.
- A serious crime occurring at that time.
- An immediate risk of significant harm to a child or adult.
In these situations:
✓ Contact emergency services immediately.
✓ Take reasonable steps to protect safety.
✓ Notify the University's safeguarding team as soon as possible afterwards.
Safeguarding procedures should never delay emergency action where there is an immediate risk to life or safety.
What If I Am Unsure?
You do not need to make difficult decisions alone.
If you are unsure whether information should be shared:
✓ Seek advice.
✓ Consult safeguarding.
✓ Discuss concerns through appropriate channels.
✓ Record your reasoning.
Seeking advice is often the safest and most responsible option.
What Information Should I Record?
When raising or sharing safeguarding concerns, it is helpful to record:
- What information was shared.
- Why concerns were raised.
- Who information was shared with.
- Any advice received.
- Any actions agreed.
- Any decisions made.
Good record-keeping promotes accountability, transparency and continuity of support.
When Information Sharing May Be Necessary
Examples include:
A student discloses domestic abuse.
A child may be at risk of harm.
An adult at risk is experiencing exploitation.
A student expresses suicidal intent.
Significant safeguarding concerns emerge.
There is a risk to others.
In these situations, information sharing may be an important part of protecting people and reducing risk.
Safeguarding Is Everybody's Responsibility
Many safeguarding concerns are identified because someone noticed something, asked questions and shared concerns appropriately.
You do not need to investigate concerns yourself.
You do not need certainty that harm has occurred.
You do not need to carry responsibility alone.
Often the most important step is ensuring that safeguarding professionals have the information they need to assess risk and coordinate an appropriate response.
Key Message
Data protection and safeguarding are not opposing responsibilities.
UK GDPR and data protection legislation do not prevent appropriate safeguarding information sharing where there is a legitimate, necessary and proportionate reason to do so.
Within the University, staff should normally raise safeguarding concerns through the University's safeguarding arrangements rather than making direct referrals to external agencies themselves.
The role of staff is to recognise concerns, record information and seek advice. The role of safeguarding professionals is to assess risk, coordinate information sharing and determine whether external referrals are required.
If you are worried about someone's safety or wellbeing, it is usually better to seek advice than remain silent.