View LCP Procedures View LCP Procedures

1.5.1 Access to Records

Contents

  1. Introduction
  2. The Right of Access
  3. Requests from Service Users for Access to Records Held by the Adults Social Care Services and Children's Services
  4. Information Sharing with Third Parties
  5. Roles and Responsibilities
  6. Review

    Appendix A

    Appendix B

    Appendix C

    Appendix D

    Appendix E

    Appendix F


1. Introduction

This document provides detailed information for staff in Children's Services and Adult Health and Social Care in dealing with these matters and should be read in conjunction with the Council wide policy and procedure papers.

NB those papers include details of the Data Protection Act principles and the Caldicott Principles.

The Council has a Data Protection policy document along with a procedure document entitled 'Handling of Information Requests under the Data Protection Act 1998'.  Copies of these documents can be viewed by contacting the records team.

Staff in the Children's Social Care may also wish to refer to the following items from the Children's Divisional Handbook, Children's Policy, Values and Underlying Principles of Recording, Confidentiality and Consultation and Adoption Case Records Procedure


2. The Right of Access

The right of access to information applies to all living individuals. The Act makes no special provisions in relation to requests made by adults, children, people with learning disabilities, or a mental disorder.

If a child or young person under 18 does not have sufficient understanding ('Gillick-competent') to make a request on his or her own behalf, a person with Parental Responsibility can make the request on his or her behalf. The data controller must be satisfied either that the child or young person does not have sufficient understanding or that he or she has provided consent. An appropriate Social Work Manager may need to assist the Data Controller in making the assessment of an individual's age and understanding.

If a person does not have the capacity to manage their affairs, a person acting under an order of the Court of Protection or who has Enduring Power of Attorney (or Lasting Power of Attorney from October 2007) or is a Deputy or is an Independent Mental Capacity Advocate can request access on her of his behalf.  People with learning disabilities or mental health problems do not necessarily lack the mental capacity to make a subject access request on their own behalf.  Such requests require a judgement to be made on a case-by-case basis as to their mental capacity. The data controller should consult an appropriate health professional (or Social Care Professional) in these cases.

Any data subject can make a request for information through a representative or agent; such representatives must have the written consent of the data subject and must confirm their identities.


3. Requests from Service Users for Access to Records Held by the Adults Social Care Services and Children's Services

General principles

Data subjects have a right:

  • To be told whether the Children's Services or the Adult Health and Social Care Department is holding information about them, or if someone else is doing so on the Department's behalf
  • To be given a description of the information, the purpose or purposes for which it is being held, and to whom information has been, or may be, disclosed
  • To be told the information that is held about them and the sources of the information.

The established practice whereby social workers / members of staff, as part of their normal working relationship with a service user, share information held on file (or records) with the service user, is not affected by this Policy. Those who work with service users must, however, always ensure compliance with the provisions of the Data Protection Act, particularly regarding disclosure of information about the service user that might cause serious harm to the service user or another individual.

Requests for access

People who wish to access information the Department holds about them must apply in writing. The data subject is required to:

  • To describe as precisely as possible the information they wish to access.
  • To provide their full name and date of birth, including any names under which the Department might have known the applicant.
  • To use the Department's Application Form, 'Access to Personal Information' and be given the Access to Personal Information leaflet that accompanies it.  Data subjects are not, however, required to use the form, and may state their request in the form of a letter (or email), which must be treated in exactly the same way as the form.

Where data subjects have difficulty completing the application form or composing the letter, staff may provide assistance but they must ask the data subject to sign the form or letter.

In all cases the data subject must be given a copy of the completed application or letter.

Applicants must provide proof of their identity and their current address.

The Local Authority reserves the right to charge the statutory fee of £10 for subject access requests. Under the current policy, there are no charges made for this service.

Responsibility for handling requests

As the Authorities Data Protection Controller, the Corporate Records Unit in the Strategic Services Department holds responsibility for logging all Data Protection Act (Access to Personal Information) requests received by the Council. 

All requests for access to Children's Services and Adult Social Care Records will be forwarded to the Records Team (contact details for this team are available in Appendix C) who are responsible for acknowledging, processing and monitoring all the Data Protection Access to Personal Information requests for both Department's. 

Responsibility for dealing with the logged request depends on the status of the data subject

  • Current Children's Services users - the allocated Social Worker;
  • Former Children's Services users - the Children's Quality Assurance Unit (unless the case has been closed for less than two years, in which case the team which last held responsibility will deal with the matter. In such circumstances refer the case to the relevant Service Manager for advice)
  • Current Adult Services users - the Assessment and Care Management Team holding case responsibility
  • Former Adult Service users - for closed cases the team who last held the case.
  • Adoption and fostering requests - the Adoption and Fostering Unit (covering cases such as Post Adoption requests and current / former foster carers).
  • Education - Records requests to be forwarded to the appropriate Business Manager.

The Children's Quality Assurance Unit is able to provide specialist input and advice on cases relating to Children's Social Care Services.

In circumstances where there is an indication that a claim is being made against the Council, or that a claim is contemplated, staff should advise Insurance Section (who will inform the Council's Insurers). The Insurer (and Solicitor) will then be able to offer advice in relation to sharing and releasing of documents.

On occasions a Complaint may contain a request from the complainant who also wishes to view records held. The normal processes as outlined in this document must be followed in relation to access to records under the Data Protection Act.

Responding to requests

A standard acknowledgement letter that explains to the data subject the process used within this Department for handling subject access requests will be issued within three working days of receiving the written application by the Records Team in the Adult Health and Social Care and Children's Services Departments.

A flow chart outlining the process is available in Appendix D.

Within 40 days of receiving the written application and proof of identity and address, the applicant must be provided with access to records held, including provision of copy documents.  In order that records may be found and copied, and consents obtained, there should be no delay in starting the process.

Third party information

Where disclosure would also reveal information about another person that would identify that person ("the third party"), the consent of the third party must be sought and obtained unless it is reasonable in all the circumstances to disclose without the person's consent. For example, this may be where the disclosure would not breach any duty of confidentiality or where the individual is incapable of giving consent by reason of mental health or some other legal reason. It would not be normal practice to refuse to disclose information identifying Social Work professionals although this could be done if there were grounds to believe that the Social Worker or other member of staff would suffer serious harm if the information were disclosed. The less personal or extensive the information, the less justifiable any refusal would be. In all cases, such reservations should not be used as an excuse not to provide access to the information: as much information should be provided without disclosing the identity of the third party if refusal of disclosure is appropriate and efforts to obtain consent have been unsuccessful.

Following receipt of each access request an assessment should be undertaken of the third party information held, if any. Consideration should be given to the impact of sharing or not sharing information held with the 'data subject'. Such consideration should also bear in mind the rights of the third party. Any matters requiring clarification should be referred to Legal Services for advice.

Where consent is required from a third party who could be identified from the disclosed information, this must be obtained, in writing by the member of Social Work staff handling the request, using the standard letter (copy in Appendix E).

Requests received from Advocates

A 'data subject' may authorise in writing for a solicitor or another person to act as their advocate to seek access, on their behalf, to records held.

In such cases the applicant's proof of identity must be sought. A copy of the advocate's proof of identity (and where appropriate proof of address) must be requested.

Staff dealing with applications by advocates / solicitors may wish to seek advice from Legal Services on the following issues: -

a.

The extent of authority given to a person with

  • A Court of Protection Order
  • An order giving enduring power of attorney
  • Other appropriately appointed person under the Mental Capacity Act 2005.
b. Whether there are any current matters being addressed between the Council's Solicitors and the 'data subject's' Solicitors.

Solicitors and advocates will usually request a paper copy of the records held, rather than viewing the files at an office location. Staff should follow the same process in relation to checking third party information, seeking legal advice as appropriate.

Once the file is ready, a copy of the documentation can be made. Arrangements must be made for a copy to be sent by registered mail (or in exceptional circumstances by courier service).

Refusal of access

If access is to be refused, the Business Unit Manager, seeking advice as appropriate from Legal Services, must make the decision. The Records Manager will advise the applicant using the standard refusal letter (see Appendix E). The reason for refusal must be stated and explained in writing, this must include the appropriate reference from the Data Protection Act. If access to only part of the information is refused, this should likewise be explained.

Grounds for refusal of access

Data subjects have a right to all personal information held about them, unless it is subject to an exemption, or a third party has refused his or her consent to disclose.  The Act describes a number of exemptions, the most relevant for Social Care being that relating to health, education and social work.

Social Care information should not be disclosed if it would cause serious harm to the physical or mental health or condition of the data subject or another person, for example not disclosing to a parent the whereabouts of a child if to do so would place the child at risk of harm. In addition, information as to the physical or mental health or condition of the data subject should not be disclosed if its disclosure would cause similar harm. In such cases, the data controller must first consult an appropriate health professional (or Social Care Professional).

Information deemed confidential by other legislation, or by order of a court remains confidential. The same applies to the common law duty of confidentiality.

Staff must show awareness of the Caldicott principles when considering, information sharing. The 6 principles are outlined in Appendix A

If the data subject is dissatisfied with the decision to refuse access to records they may complain and / or appeal. Initially all such complaints should be channelled through the Council's complaints procedure. Once this process has been completed the applicant may, in circumstances where they remain dissatisfied contact the Information Commissioner or they can pursue the matter through the courts. We are advised that the Information Commissioner would expect the data subject to have used the internal complaints procedure and exhausted that process before writing to the Information Commissioner on the matter. The Court process is seen as a last resort option. (These avenues are explained in the Access to Personal Information leaflet and the Complaints procedure).

Preparing the information

Before the data subject views his or her file, the member of staff responsible for the file should ensure that only information that may be disclosed is available and shown to the data subject.

This may mean copying a document and rejecting areas of that document that cannot be shared with the applicant (or their advocate). Action required will also include ensuring necessary steps have been taken to obtain the necessary consent to release of third party data where appropriate.

People providing information to the Department about data subjects / potential data subjects should be informed that an open access policy applies and that this may mean information given is shared with the data subject. Please refer to details outlined above relating to third party information.

Arranging access

The member of staff is responsible for making arrangements with the applicant regarding the date, time and location for viewing the information. These will be made in writing, using the standard appointments letter (see Appendix E). This letter also reminds applicants of the documents required for proof of identify that they must bring with them to the appointment.

Where the applicant requests a copy of the documentation, rather than attending an appointment to view the records, the Department will provide a paper photocopy of the records held. Where requested to do so the Department can provide: -

  1. A copy of the documentation in electronic format (e.g. PDF)
  2. A large print version
  3. A translated version

Viewing information

When viewing information, the data subject will be allowed to read his or her file in a private room but must be accompanied by a member of staff. Such staff will be present to explain the data subject's rights, and discuss or interpret the contents of the file, as necessary. The data subject must not be left unsupervised.

Data subjects may be supplied with photocopy pages of their file. In such cases, a record should be kept of copies made and filed in the Social Work report section of the case file.

The data subject may be accompanied by a friend or advocate.

Inaccurate data

If the data subject considers information on the file to be inaccurate in any way he or she has the right to have a correction added to the case file record.

If there is no-agreement to a data subject's request to correct the file, the data subject's view should be added to the file with an explanation of why the worker disagrees.

Complaints and Appeals

If the applicant is dissatisfied with the way the Department has responded to his / her request for either access to, or correction of, information, she / he has the right to make a complaint using the Council's Complaints procedure. Once this process has been completed the applicant may, in circumstances where they remain dissatisfied contact the Information Commissioner

Staff should refer to the Complaints procedure documentation and provide the data subject with a copy of the complaints leaflet.


4. Information Sharing with Third Parties

General principles and responsibilities

Principles

Every effort should be made to obtain informed consent from the data subject. Consent assumes communication between the Department and the data subject and this may be through discussion.  Failure by a person to return a form requesting consent cannot be assumed to imply consent. However, data sharing should not be delayed where it is necessary to protect the vital interests of a data subject or another person.

Good social care practice often involves informing others about aspects of a data subject's needs and the support, care and interventions that are being considered, planned or provided. It may also be necessary to share personal information in order to fulfil a statutory obligation. Information sharing procedures must in all cases be in accordance with - London Borough of Southwark Information Sharing Protocols (tier 1, 2 and 3 documents have been produced). Young Southwark has an information Sharing Protocol that received approval in March 2006.

Where staff wish to disclose personal information to a third party, they must consider their obligations under the Data Protection Act, the Human Rights Act 1998 and their common law duty of confidentiality and the Caldicott Principles, in order that confidentiality is in all cases safeguarded. 

The conditions under which personal data and sensitive personal data may be disclosed are outlined in Schedules 2 and 3 of the Data Protection Act (see Appendix A for details). Conditions are more stringent for the processing of sensitive personal data (which would cover physical and Sexual Abuse of adults and children and Neglect of children.) Consent should always be sought, unless doing so would interfere with a statutory obligation. In some cases, it may be necessary to disclose without consent, in order to protect the vital interests of the data subject, or other person or where it has not been possible to obtain consent. The Data Processing (Protection of Sensitive Data) Order 2000 allows that data can be processed by an exchange of information and decision making in secret from the data subject if there is a substantial public interest and it is necessary for the prevention or detection of an unlawful act or seriously improper conduct is being investigated and secrecy is required.

Routine procedures and consent arrangements

Routine procedures ensure that data subjects are made aware that staff may need to share information with each other, as well as with other services, in order to ensure good quality care and support. At the earliest opportunity after the data subject is first referred (or re-referred), the data subject / service user should be asked (for their agreement to staff sharing information with colleagues in partner agencies) for their consent. This can be offered verbally 'implied consent' or in writing 'explicit consent'. An information sharing protocol and consent form is in place in Children's Services. A section in the Assessment form is designed for this purpose in Adults Services. A copy of the signed document must be placed on the service users case records. Where consent is provided verbally the Social Worker must record this matter in the Social Work Case Records section. Where any concerns raised by the data subject about confidentiality this should be recorded on the consent form and on the file. A copy of the information sharing consent form is available in the Information Sharing Protocol.

Where a data subject refuses consent to disclose information, staff will need to record this on the data subject's file and on the consent to information sharing form (a copy should be placed on the data subjects file in the Social Work Case Records section). The Department's statutory obligations should be explained to the data subject and the data subject made aware that their wishes will be respected; however, where the conditions for disclosure without consent exist, disclosure to third parties will be made.

Disclosure without consent

Information must only be shared on a 'need to know' basis. This principle applies both to whom it is appropriate to communicate information and what information it is appropriate to communicate - e.g. information to service providers. In essence, the disclosure should be proportionate to its purpose: Social Workers / staff members will need to use their professional judgement particularly where it is decided to disclose information without consent.

Treating information as confidential

Staff must ensure that anyone who is given access to personal information is made aware of the need to treat the information as confidential.

Those who arrange contracts with providers must ensure that the need for confidentiality of data subject information is set out in the contract between the Department and that individual or organisation.

Disclosure for research

Research of any nature (student project, research in relation to staff, service users and carers) needs to be managed by the Department in line with the Department of Health publication entitled 'Research Governance Framework for Health and Social Care' first published in 2001 (ref23553 1P 3k Mar01 ABA). (see the Department of Health website)

Where there is a proposal to participate in research or to commission a research project, the sponsoring Service Manager needs to prepare a report for their SMT representative which will be presented to SMT (or other such meeting as SMT determine) for consideration / approval. All requests will need to be logged and monitored.

The report must address the points set out in section 3.10 of the Research Governance Framework document.

Before disclosing information for research purposes, this information must be anonymised or aggregated.


5. Roles and Responsibilities

IKM / Group Manager Data Services

Overall responsibility for Data Protection matters within the Council. This includes: -

  • Maintaining the notification of all Southwark databases and records with the Information Commissioner's Office.
  • Producing policy, procedure and guidance notes
  • Ensuring appropriate and adequate training is available to Council Officers.
  • Ensuring that all Subject access requests received by the Council are logged, monitored and handled in line with policy and procedures.
  • Providing support, advice and guidance as necessary to Council officers including raising complex matters with the Borough Solicitor (as the Council's monitoring officer).

Business Unit Managers (or delegated officers)

Compliance with Policy and associated procedures in relation to: -

  • Handling subject access requests
  • Providing case records to services users following receipt of requests or refusing access
  • Processing of personal information

Records Managers

  • Log and Monitor all requests from Data Subject for access to records within the Department.
  • Provide guidance, advice and assistance to Departmental staff on Data Protection matters.
  • Monitor compliance in the Adult Health and Social Care and Children's Services Departments with Data Protection Act, Identify issues, risks and outline recommendations for solving problem areas.
  • Understand the Department obligations under the Data Protection Act and provide advice and guidance in given circumstances.
  • Involvement in staff Induction training, ongoing training programmes and seminars in relation to the Data Protection matters within the Department.
  • Promote, review and revise policy, guidance and procedure documents, 
  • Including offering advice on DPA matters to staff in the Department.

Staff

Be aware of their responsibilities in relation to Data Protection

  1. Processing personal information in line with the Data protection principles
  2. Making personal information available to data subjects following receipt of valid subject access requests
  3. Ensure appropriate security and confidentiality of paper documents e.g. locked cupboards, filing systems and cabinets
  4. Enduring that data held in paper or electronic formats is not deliberately or accidentally disclosed to any unauthorised third party.
  5. Ensuring security of electronic records and safeguarding access to systems by not sharing passwords or leaving databases or records open on desktops.
  6. Participate in training in relation to Data Protection matters and obligation under relevant legislation.


6. Review

The Records Managers and IKM will undertake a review of the Data Protection policy, procedure and guidance documents at least once every 2 years.


Appendix A

Caldicott Principles

  1. Justify the purpose(s) for using confidential information
  2. Only use it when absolutely necessary
  3. Use the minimum that is required
  4. Access should be on a strict need to know basis
  5. Everyone must understand their responsibilities
  6. Understand and comply with the law

Data Protection Principles

  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-
    1. at least one of the conditions in Schedule 2 is met, and
    2. in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Schedule 2

Conditions Relevant for Purposes of the First Principle: Processing of any Personal Data

1. The data subject has given his consent to the processing.
2. The processing is necessary:
  1. for the performance of a contract to which the data subject is a party, or
  2. for the taking of steps at the request of the data subject with a view to entering into a contract.
3. The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.
4. The processing is necessary in order to protect the vital interests of the data subject.
5. The processing is necessary:
  1. for the administration of justice,
  2. for the exercise of any functions conferred on any person by or under any enactment,
  3. for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or
  4. for the exercise of any other functions of a public nature exercised in the public interest by any person.
6.
  1. The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.
  2. The Secretary of State may by order specify particular circumstances in which this condition is, or is not, to be taken to be satisfied.

Schedule 3

Conditions Relevant for Purposes of the First Principle: Processing of Sensitive Personal Data

1. The data subject has given his explicit consent to the processing of the personal data.
2. (1) The processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment.
(2) The Secretary of State may by order -
  1. exclude the application of sub-paragraph (1) in such cases as may be specified, or
  2. provide that, in such cases as may be specified, the condition in sub-paragraph (1) is not to be regarded as satisfied unless such further conditions as may be specified in the order are also satisfied.
3. The processing is necessary -
a. in order to protect the vital interests of the data subject or another person, in a case where -
  1. consent cannot be given by or on behalf of the data subject, or
  2. the data controller cannot reasonably be expected to obtain the consent of the data subject, or
b. in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld.
4. The processing -
a. is carried out in the course of its legitimate activities by any body or association which -
  1. is not established or conducted for profit, and
  2. exists for political, philosophical, religious or trade-union purposes,
b. is carried out with appropriate safeguards for the rights and freedoms of data subjects,
c. relates only to individuals who either are members of the body or association or have regular contact with it in connection with its purposes, and
5. The information contained in the personal data has been made public as a result of steps deliberately taken by the data subject.
6. The processing -
a. is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings),
b. is necessary for the purpose of obtaining legal advice, or
c. is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
7. (1) The processing is necessary -
  1. for the administration of justice,
  2. for the exercise of any functions conferred on any person by or under an enactment, or
  3. for the exercise of any functions of the Crown, a Minister of the Crown or a government department.
(2) The Secretary of State may by order -
  1. exclude the application of sub-paragraph (1) in such cases as may be specified, or
  2. provide that, in such cases as may be specified, the condition in sub-paragraph (1) is not to be regarded as satisfied unless such further conditions as may be specified in the order are also satisfied.
8. (1)

The processing is necessary for medical purposes and is undertaken by -

  1. a health professional, or
  2. a person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional.
(2) In this paragraph "medical purposes" includes the purposes of preventative medicine, medical diagnosis, medical research, the provision of care and treatment and the management of healthcare services.
9. (1)

The processing -

  1. is of sensitive personal data consisting of information as to racial or ethnic origin,
  2. is necessary for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment between persons of different racial or ethnic origins, with a view to enabling such equality to be promoted or maintained, and
  3. is carried out with appropriate safeguards for the rights and freedoms of data subjects.
(2) The Secretary of State may by order specify circumstances in which processing falling within sub-paragraph (1)(a) and (b) is, or is not, to be taken for the purposes of sub-paragraph (1)(c) to be carried out with appropriate safeguards for the rights and freedoms of data subjects.
10. The personal data are processed in circumstances specified in an order made by the Secretary of State for the purposes of this paragraph.


Appendix B

Glossary

Data Subject Data Subject a living individual whose details are held on manual or computerised records. (E.g. Service Users, Clients)
Data Controller the identified person in the Local Authority who determines the purpose and manner for which any personal data is processed.
Information Commissioner responsible for overseeing and compliance with the Data Protection Act and the Freedom of Information Act. (with the authority to investigate and prosecute)
Personal Data data relating to a living individual, where this person can be identified from the information held by the Data Controller.
Sensitive Personal Data

personal data under the following headings

  1. Race or ethnic origin
  2. political opinion
  3. religious or other beliefs
  4. trade union membership
  5. physical or mental health condition
  6. sexual orientation
  7. details of offences, court sentences or allegations under investigation
Processing Organising, adapting and altering data; retrieval, consultation or use of the data in any way; blocking or erasing data. It even includes glancing at a computer screen and disclosure to anyone within or outside the Council.


Appendix C

Records Team

The Records Team are part of the Departmental Services Business Unit,  based on Ground Floor, Woodmill Building, Neckinger, London SE16 3QN
Peter Harris - Records Manager

peter.harris@southwark.gov.uk

 020 7525 3697 
Gil Pennant - Records Manager

gil.pennant@southwark.gov.uk

 020 7525 5011
Damian Burke - Admin. Officer

damian.burke@southwark.gov.uk

 020 7525 3458
Team Fax number 020 7525 3955


Appendix D

Flow Chart

Click here to view Flowcharts


Appendix E

Standard Letters  - Samples of the Following Letters can be Obtained from the Records Team

  1. Standard Acknowledgement Letter (service user).
  2. Letter seeking Clarification and or proof of ID and address
  3. Information not held - suggest contact other agency.
  4. Standard Acknowledgment Letter (Solicitor or Advocate).
  5. Clarification Letter Solicitor or Advocate - consent and or proof of ID and address.
  6. Acknowledgement of proof of ID and address, case referred to SW Manager.
  7. Third Party information - request letter.
  8. Service user appointment letter.
  9. Letter to close case - no proof documents received within 40 days.


Appendix F

Good Practice in Record Keeping

General Principles

  • All entries should be made in ink (preferably black)
  • All entries should be signed and dated
  • Gaps should not be left between entries
  • Entries should be:
    • Concise
    • Legible
    • Accurate
    • Current
    • Complete
    • Sensitive to issues of equality and diversity
  • No slang, jargon, abbreviations, acronyms or offensive language should be used.
  • Records should be objective. A social work professional should not record his or her own unsubstantiated opinions about the data subject. If the opinions of a third party are relevant and it is appropriate to record them the reason for recording them, and any evidence and sources of information provided, should be noted.

Ensuring confidentiality is maintained in offices

Staff should act in a way that protects the confidentiality of information, following these basic rules:

  • Do not give personal information over the phone unless you are fully satisfied as to the identity of the caller and the data subject agrees or would agree to this
  • Do not fax sensitive information.  If you must, you should phone first to check the fax number and to ensure someone is available to collect the fax from the machine as it arrives.
  • Do not leave personal files (or any sensitive information) out of locked cabinets overnight, or in view of visitors during the day.
  • Do not store personal data on hard drives, personal network drives, or floppy disks

Structure of a case file - Details outlined in service procedural handbooks in Children's and Adults Services

Closure of a case file - Details outlined in service procedural handbooks in Children's and Adults Services

On closure follow the Council's Records Management procedures; please refer to the Department's Records Retention schedule for details of the retention and disposal periods for records.

End