Data-gathering: damned if we do, damned if we don’t?

[I realise I haven’t posted for a while, but given that the widely reported case yesterday where Haringey was ordered to pay human rights compensation for an unlawful child protection enquiry was our case, it might be surprising if I had nothing to say! In fact, there is a lot to say here about good social work practice, details the mainstream press haven’t descended into…

If you don’t know the case I am talking about, it’s here: AB & Anor, R (on the application of) v The London Borough of Haringey [2013] EWHC 416 (Admin) (13 March 2013)

You can read commentary from:

The Guardian: Couple falsely accused of child abuse win damages from Haringey council

The BBC: Haringey’s social services child inquiry ruled unlawful

The Telegraph: Baby P council under fire for launching ‘unlawful’ abuse inquiry

The Mail: Parents’ social service hell after one anonymous letter]

The facts

So, briefly, an anonymous allegation is made to Haringey Social Services about parents who, it later transpires, are child protection professionals. Haringey seek information from the GP, asserting that they are undertaking a child protection investigation, and also from the school. Nothing damaging comes back, the GP says explicitly that he knows them well and has no concerns. They are contacted by mobile, and immediately challenge the lawfulness of what has gone on before; their challenge sets in motion a course of events which results in Haringey saying they are escalating to a full-blown child protection enquiry, which in due course is closed down, suspected of having been malicious, when no concerns are found.

I want to focus for now, in two posts, on two criticisms that have inevitably been made about our challenge to Haringey. In doing so, I can highlight two points of wider relevance that the case has achieved, that are comparatively unusual.

“Damned if they do, damned if they don’t”

Some have inevitably reacted that Haringey are “damned if they do, damned if they don’t”. Haringey gets it in the neck when it fails to intervene robustly, then when it intervenes too robustly. For example, comments on the Mail’s article (linked above) include “And if the child was at risk and they had done nothing?” and “No point in reporting any suspicion of child abuse then as a Judge says it’s unlawful to investigate. Crazy or what!!”

In particular, there are concerns about information sharing and data gathering. The judge in our case was scathing about Haringey’s unlawfully contacting other agencies without consent. He said,

“Issue 3: Was the data-gathering exercise before and during the initial assessment process unlawful?

76. The initial data-gathering exercise was unlawful in two respects:

(1) The initial request for data was sent to EF’s GP accompanied by the erroneous information that LBH was currently working with the family, that LBH was already undertaking a CYPS assessment and that confidential details including the possible presence of risk indicators of physical abuse, should be provided. In addition to these statements or implications being erroneous, no consent had been obtained from EF’s parents and it was not a justification to seek the information without consent that their identity was not at that time known since this statement was also untrue.

(2) The consent of the parents had not been obtained before the school was approached. Moreover, it was impermissible to post details of the referral on RIO to enable the school nurse to read them prior to obtaining the parents’ consent.

77. These were serious departures from permissible practice and these actions were unlawful.”

But isn’t “the child’s welfare is paramount: share, share, share” a lesson that is drummed into us?

Quite possibly so. And such an approach may be driven by an aversion to the risk that the next Baby P may happen on our watch, or a certain complacency that no-one ever challenges misuse of data in the child protection context and wins.

But it is wrong. The data-gathering that routinely occurs is often unlawful. It can be successfully challenged. There are good reasons it is unlawful. And it is not a case of “damned if you do, damned if you don’t”.

So, three questions:

  1. What does data protection law actually say?
  2. Why is that a good thing?
  3. How can we make sure we get it right both ways, i.e. share when we should, don’t when we shouldn’t?

What does Data Protection law actually say?

The Data Protection Act does not require us to share data. Rather, it sets out a limited set of circumstances in which it is permitted. One of these is with consent. A second is where it is necessary “for the exercise of any functions conferred on any person by or under any enactment”. This second one is widely relied on, but it requires what is termed a “statutory gateway”.

One such statutory gateway is section 47 of the Children Act 1989. In the context of a section 47 enquiry, we can share relevant information without consent (subject, of course, to complying with the relevant statutory guidance).

That being the framework, the judgment in our case begins to make sense. There was no section 47 enquiry. There was no consent. The data gathering was unlawful.

Why is that a good thing?

Even if you accept this is technically right (which the judge said it is!) you might think it’s a bad thing, getting in the way of effective child protection.

I rather think that depends how far you favour a particular model of coercive child protection – which I don’t. But the legal case for that particular coercive model is dubious. Partnership with parents is one of the principles underpinning the Children Act, and what this means in the context of data-sharing is set out in the statutory guidance ‘Working Together’ (the name says it all!) at paragraph 5.35,

“The parents’ permission, or the child’s where appropriate, should be sought before discussing a referral about them with other agencies unless permission-seeking may itself place the child at increased risk of suffering significant harm.”

So, there is a threshold test: will seeking consent place the child at increased risk of suffering significant harm? Data-mining without consent is predicated on an assumption not only that the child is at risk of significant harm, but that working in partnership with the parents will place the child at increased risk. Doing it routinely is sending out a message that we either have no ability to work in partnership with parents, or alternatively that we presume all parents will take it out on their children if we seek to work in partnership with them.

That message is dangerous. It is going to reinforce a stand-off between parents and social workers. It is going to reinforce mistrust and create a vicious circle in which co-operative working between parents and social workers is ever less likely. It is a bad thing.

So conversely, getting data protection right, as well as being lawful, and consistent with ‘Working Together’ is a good thing.

There is another reason it is a good thing. Human rights. Data-mining in child protection matters intrinsically invokes the Article 8 right to private and family life. As a human rights profession, we surely don’t want to routinely undermine human rights. In words of Eileen Munro I have quoted before,

“…liberal societies have placed a high value on privacy and confidentiality precisely because they present an obstacle to the State. While the State sees this in a negative light, the individual values it as a protection of their freedom. The professional ethic of confidentiality is seen by the government as an obstructive barrier to be removed in implementing their monitoring and assessment programme but this should remind us that the ethical principle is playing its rightful part as a protective barrier, defending the individual against excessive intrusion by the State.”

[Munro, Eileen (2007) Confidentiality in a preventive child welfare system. Ethics and social welfare, 1 (1). pp. 41-55]

How can you make sure you get it right both ways?

As the Information Commissioner explained in the context of Every Child Matters,

“The Every Child Matters agenda extends social care from protection to welfare. Although there are overlaps, this shift means that substantially more information will be collected and shared about substantially more children for different reasons. These different purposes raise different considerations from a data protection perspective. It is important that approaches used in the context of protection are not assumed to be transferable to the welfare context.”

[Protecting Children’s Personal Information: ICO Issues Paper, Information Commissioner’s Office]

Remember, then, there is a threshold test. Below it, you need consent. Above it, you don’t. Failing to seek consent when below the threshold is unlawful. Failing to protect when above the threshold is unlawful. It is not “damned if you do, damned if you don’t”. It is “damned if you do when you shouldn’t, damned if you don’t when you should”. Since the boundary between the two is clearly defined, you can get it right both ways and all the time.

Of course, you need to avoid other errors made by Haringey, you need to properly understand what is meant by significant harm, the boundary between child welfare and child protection, and the point at which section 47 bites. But that is another blog for another day.

Allan Norman (@CelticKnotTweet) is a registered social worker and a solicitor at Celtic Knot – Solicitors and Social Workers. He acted for AB and CD in the successful judicial review of Haringey LBC discussed here.

Advertisements