asked Her Majesty's Government:
How many individuals' profiles have been shielded from disclosure under the Children Act 2004 Information Database (England) Regulations 2007 (SI 2007/2182); and [HL5508]
How they define “increased risk of significant harm” as used in the guidance relating to the Children Act 2004 Information Database (England) Regulations 2007 (SI 2007/2182) for the purpose of determining whether the data of a child should be shielded on ContactPoint; and [HL5509]
Whether a child's data will be shielded on ContactPoint if access to those data significantly increase the risk of harm; and [HL5510]
What advice they have received about data protection in relation to ContactPoint; and what risk assessment they have carried out on this matter and [HL5511]
What is the legal basis for allowing information concerning adults to be stored on ContactPoint; and how the storage on ContactPoint of data concerning adults relates to the Data Protection Act 1998. [HL5512]
In response to Question HL5508, the process of applying shields to ContactPoint child records has not yet begun. Data loading into a secure environment, for live operational purposes, is scheduled to be completed during December of this year. As soon as this data load is complete, specifically identified local authority implementation managers will all take action to shield those child records that require it, before any practitioners are given access to the system.
In response to Question HL5509, by increased risk of significant harm, we mean that one or more individuals could cause significant harm to the child/young person and/or their parent/carer should their location be visible and therefore, the child/young person and/or their parent/carer are being, or will be, protected at a location that is not known to the individual(s) posing the threat. Shielding is an additional safeguard and wholly in line with the Data Protection Act 1998
The Children Act 1989 introduced the concept of significant harm as the threshold that justifies compulsory intervention in family life in the best interests of children. Local authorities will make case-by-case judgments about whether a record should be shielded based on the ContactPoint guidance, which in turn makes reference to the well established principles and guidance, Working Together to Safeguard Children. There are, however, no absolute criteria on which to rely when judging what constitutes significant harm.
In response to Question HL5510, the answer is yes. Local authorities may shield child records when there are strong reasons to believe that not doing so would be likely to place an individual at increased risk of significant harm. The appropriateness of shielding a record on ContactPoint must be determined on a case-by-case basis.
In response to Question HL5511, we have always sought a balance between children's and families' rights to the services to which they are entitled, and their individual rights to privacy. The purpose of ContactPoint is clearly set out in Section 12 of the Children Act 2004—to support the Section 10 and 11 duties to co-operate to improve children's well-being and to safeguard and promote their welfare. The inclusion of all children and young people in England is a requirement of ContactPoint and we believe its purpose could never be achieved through a consent-based or opt-out system. We take our responsibilities under the Data Protection Act 1998 (DPA) very seriously. As with all legislation we have sought the necessary legal advice on the relationship between ContactPoint and the DPA and are confident that ContactPoint remains compliant with the Act.
ContactPoint has been, and continues to be, subject to regular risk reviews, both internal and external, conforming to Government best practice guidelines. A summary of the results of the Deloitte independent security review, commissioned by the Secretary of State for Children, Schools and Families, was published in February 2008. The report identified that security is ingrained within the project. A further independent technical security check is scheduled before ContactPoint moves into live operation.
In response to Question HL5512, Section 12(4)(c) of the Children Act 2004 (which came into force on 1 January 2006), makes provision for ContactPoint to hold the name and contact details of any person with parental responsibility for the child or young person, or who has care of him at any time. Schedule 1(6) of the Children Act 2004 Information Database (England) Regulations 2007 (which came into force on 1 August 2007), sets this requirement out in more detail.
Regulation 4(1) of the Children Act 2004 Information Database (England) Regulations 2007 sets out that ContactPoint will contain information on all children in England up to their 18th birthday. In specific circumstances, young people (such as care leavers and those with learning disabilities), aged 18 or over may continue to have their records held on ContactPoint up to age 25, with their informed, explicit consent. This provision exists in Regulation 4(2), and helps to facilitate the transition to adult services for those young people who may have multiple, additional needs. These young people are known as “participating young persons”.
Section 12 of the Children Act 2004 provides the permissive gateway to hold such data without breaching the Data Protection Act's requirement of lawfulness—this has been confirmed by Richard Thomas, the Information Commissioner.