All organisations using ContactPoint must complete organisational accreditation before their staff can be granted access to ContactPoint. Part of the organisational accreditation involves ensuring that appropriate disciplinary procedures are in place in the employing organisation should it be necessary to invoke them in relation to any inappropriate use of ContactPoint.
The use of ContactPoint is monitored at both national and local level. Local authorities are responsible for investigating suspected misuse within their user base. A central DCSF team also reviews use of the system and data by local authorities and national partners. If unusual activity by users within a local authority area or a national partner organisation were to be detected by regular auditing, or was suspected or reported, the local authority or national partner ContactPoint Management Team must suspend the user account, notify the user’s manager and carry out an immediate investigation using local policies and procedures.
In the eventuality that there was misuse of data held on ContactPoint, disciplinary action would be a matter for the employer of the individual concerned. No one has been disciplined for misuse of data. However, through DCSF auditing, we have identified five instances where correct procedures were not followed by ContactPoint users. Typically, these were users who searched for records, for example, those of family members, in order to ‘test’ the system, in what they believed was a ‘safe’ way, before undertaking work such as apply shields to records that need them. All cases were immediately investigated and appropriate action has been taken. One of these five instances resulted in an individual being disciplined. The incident, although inappropriate, did not lead to ContactPoint data being compromised and there is no evidence that any of these instances indicated malicious intent, posed any risk to the security of children’s records or constituted misuse of data on ContactPoint.
We have always said that we will carefully monitor the activity of early adopter practitioners to identify any further improvements that may be required. In the light of these instances, we further strengthened our training and guidance materials on correct procedures and use of ContactPoint. This demonstrates that the stringent security processes we have in place are working.