We read with interest about a report that claimed sensitive information about vulnerable children is at risk due to ‘insecure’ links between fostering agencies and councils.
The report, commissioned by the Information Commissioner’s Office (ICO), found that appropriate staff training relating to the management of personal information is lacking, while sensitive data on mobile devices such as laptops and memory sticks often remains unencrypted.
While the report was focussed specifically on those agencies involved in fostering and adoption some of the findings can be applied more broadly to the social care sector where there is a mixture of paper, applications and devices all holding very sensitive information about people.
These kind of warnings (and the associated fines for sensitive data breaches) often scare front line workers into not sharing information at all. One consequence of this is a kind of paralyisng effect where practitioners are so concerned they withhold information, or are reluctant to share the right information at the right time.
We have been privileged to work with lots of organisations operating in this sphere struggling with this tension between the duty to protect data and the duty to share data in their work to keep clients safe. And our sense and this is backed up by a number of serious case reviews is that often the signs that something is wrong or about to go wrong for a client exist out of the “care system” and are noticed in the more universal services.
Often it is someone from a children’s centre that notices a steady flow of different people picking up little Johnny every day, or that mum perhaps is struggling on a more consistent basis. It maybe the school nurse who notices that a child is hungry constantly.
The story we hear and the evidence we see is that there is large benefit in including as wide a network as possible around a client, to get to the weak signals in a communications network, quickly. It is these kind of crucial information shared among these networks that might otherwise get missed, from people who are less regularly in contact with clients.
At a time when resources are strapped and money is tight, this leads to significant challenges and pressure at the interchange between local authorities, independent providers, and their clients. Having worked with many organisations, not just in the UK, it is one of the first concerns raised by front line workers: “How will I know who I can share information with?”
All of our clients, from social workers through to fostering and adoption agencies, handle significant amounts of personal data about vulnerable people and are required to share this information with other relevant agencies. Often practitioners are looking for some rules to stick to – if it’s X type of case then you are able to let let organisations A, B and C know.
It seems to us that no two families are the same and there are no processes that will account for every scenario. Of course, advice, policies, secure infrastructure and guidance are all important. But ultimately, it is the front line worker themselves who needs to be supported in making the decisions. They need to be thinking about intent. Who am I giving this data to, why and how? Is it reasonable? What are the risks? And then their organisation needs to trust them to get this call right.
Until our front line workforce is comfortable and confident operating like this, we will stay in this paralysed space.
Digital social care tools should hold the minimum amount of data possible to make sure practitioners are confident that data is held securely in the cloud, so no sensitive data goes on to mobile devices like laptops or unencrypted memory sticks.
We need more systems, like Patchwork, that give practitioners the confidence that their client’s data is secure. They will be empowered to work more effectively with others, safe in the knowledge that any sensitive data is safe and letting them get on with their jobs – looking after the vulnerable people themselves, not just their data.