Bedford Borough Council Logo


Top of page

Size: View this website with small text View this website with medium text View this website with large text View this website with high visibility

6.3 Access to Records

RELATED GUIDANCE

Information Commissioners Office – Guide to Data Protection

AMENDMENT

This chapter was extensively updated in April 2018 and should be re-read throughout.


Contents

  1. Introduction
  2. Purpose
  3. Context
  4. Rights of Access
  5. Requests Made By, or On Behalf of, A Child
  6. Requests On Behalf of a Person Lacking Mental Capacity
  7. Requests Made Through Another Person (An Agent / Advocate)
  8. Disclosure to Social Care Staff
  9. Disclosure to Other Agencies and Organisations
  10. Involving Service Users
  11. Withholding Information
  12. Third Party Information
  13. Access to Records Procedure
  14. Reapplication
  15. Open Case Access to Records
  16. Further Information


1. Introduction

This procedure is for Children’s Services, where the Support Services Team is responsible for Social Care Access to Records requests for closed cases. There is a named Access to Records Officer within the team. See Section 15, for Open Case Access to Records.


2. Purpose

To ensure that service users and carers are enabled to access their records in compliance with Data Protection legislation and that staff are consistent in their approach to access of files.


3. Context

The statutory framework relevant to this procedure are the Data Protection Act 1998 and The Access to Personal Files (Social Services) Regulations 1989.


4. Rights of Access

Under the terms of the Data Protection Act any living person has a right of access to personal information about themselves.

When a request for Access to Records is made this will apply to both manual and electronic files.

Social Care settings work with an open case recording principle, which encourages staff to share data with Service Users during any service provided.

When dealing with other agencies or individuals it is important to ask them if the jointly held information can be shared with the service user.

Requests for personal information will need to be authenticated before allowing access. An individual should provide at least two proofs of identity such as a passport, driving licence and utilities bill with an address, as well as proof of Parental Responsibility if applying for their children’s records (long birth certificate). Further proof of change of name will also be required (marriage certificate etc).

Individuals can apply for access to their personal information through an agent or representative who will need to be verified. See Section 7, Requests Made Through Another Person (An Agent / Advocate) for further details.


5. Requests Made By, or On Behalf of, A Child

Where a parent/carer requests access to a child’s data, and they are over the age of 12, consent must be given by the child who owns the data.

If a child does not have sufficient understanding to make his/her own request, a person with parental responsibility (referred to below as the parent) or an advocate, can make the request on the child’s behalf. In this case the status of the person making the request will need to be verified.

Where the Borough considers that granting access to a requester is likely to result in serious harm to anyone or is not in the child’s best interest, they may refuse access. The reasons for refusal must be recorded in writing by the Borough and included in the child’s file. If they are not happy with the decision, the requester may then make representation to the Information Commissioner, or the court, for access.


6. Requests On Behalf of a Person Lacking Mental Capacity

If a person over 18 years of age with a mental illness has legal capacity i.e. she/he understands the nature of the request, she/he can request access.

If a person lacks capacity to manage their affairs, someone acting under an order of the Court of Protection or acting within the terms of a registered Enduring Power of Attorney can request access on his/her behalf. 


7. Requests Made Through Another Person (An Agent / Advocate)

If a person has capacity, and if she/he has appointed an agent, that person can make a valid request for access on behalf of the individual. If it is clear that the person has authorised the agent to make the request, the request must be met as if it had been made by the person. This also applies where a person is acting on another’s behalf, or under a general power of attorney, or an advocate. Proof of identity will be required before access is given.

If the request has come from a Solicitor acting on behalf of a service user, the Access to Records will be dealt with by Children’s Legal Services.


8. Disclosure to Social Care Staff

Access to personal information will be made available to the designated employees with responsibility to prepare the files for access or for whom the information is necessary in order to carry out the service within Social Care settings and to meet statutory and legal obligations.


9. Disclosure to Other Agencies and Organisations

In considering requests for access the best interests of the service user or carer must be borne in mind, especially where access is being given without the direct consent of the service user or carer. If there is any doubt about whether or not to give access to all or part of any record, Legal Services should be consulted.

Appropriate form to be completed and permission received from the client unless it is a child protection issue.


10. Involving Service Users

Service users and carers should be given a copy of the leaflet ‘Accessing Your Social Care Records’.

Service users should be informed about all forms of information held.

Informal access to information (Open Case Recording) should be a normal part of casework. It should be recorded on the persons file when access has been shared.

Where possible, service users should be invited in for a discussion with the Access to Records Officer. This will allow the service user to fully explain their request and give as many details as possible to allow the records to be traced.

The service user has the right to challenge inaccurate information. The service users’ opinions/challenges will be added to the child’s file.


11. Withholding Information

Certain personal information is exempt from the disclosure requirements of the Data Protection Act. The exceptions are:

  • Prevention of Crime etc. The authority need not disclose information to the service user or person requesting the file on behalf of the service user which is held for the purposes of the prevention or detection of crime, or to apprehend or prosecute offenders if disclosure would be likely to prejudice one of these purposes;
  • Risk of Serious harm. The authority need not disclose information to the service user, or person requesting the file on behalf of the service user, if it believes this would prejudice the carrying out of social work intervention because it would be likely to cause serious harm to the physical or mental health or condition of the individual or another person;
  • Information about physical or mental health condition. The authority must not disclose this kind of information to the service user or person requesting the file on behalf of the service user without first consulting an ‘appropriate health professional’. This would normally be the person responsible for the individual’s current clinical care in connection with matters to which the information relates;
  • Other legislation. Where other legislation prevents disclosure, then the person cannot rely on the Data Protection Act 1998 to seek access to records. These include, for example, adoption records and reports; parental order records and reports. (Adoption Records are accessed through the Adoption Service; requests should be made directly to them.);
  • Refusal to access. If access is refused, this should be notified to the person requesting access as soon as practicable and in writing, even if the decision has also been given in person. The employee should record the reasons for the decision and explain these to the individual.


12. Third Party Information

Personal information may include details about another person (a third party). If disclosure would allow the third party to be identified the Access to Records Officer must confirm the third party’s consent before disclosure or this information must be redacted.

If an immediate relative of the requester is deceased and the requester can provide a copy of the death certificate, the deceased person’s information can be disclosed, within reason.

If this information would have been highly confidential to the deceased then a decision may be made to redact this information.


13. Access to Records Procedure

Requests should be notified to the Access to Records Officer who will be responsible for responding to any requests. An acknowledgement of the request and to ask for any further information required to identify the individual and locate the information should be sent within, along with the appropriate form.

Where the request is for access to another section of Children’s Services (e.g.: Adoption, SEND, Education, Mental Health, etc.) this should be directed to the appropriate service area.

Requests must be responded to within 40 calendar days of receiving the request. The 40 day period does not start until the following information has been received:
(Please note: timescales may change along with the introduction of GDPR in May 2018).

  • Proof of name change if appropriate;
  • A completed form/enough details provided in the original request;
  • Proof of Parental Responsibility if appropriate.

The Access to Records Officer is responsible for:

  • Locating all the relevant information;
  • Establishing the identification of individuals, to the best of our ability as LA workers, before the process begins;
  • Arranging access to the files;
  • Ensuring that any third party information where consent is not agreed is removed or anonymised before access;
  • Saving the redacted file to a password protected disc;
  • Completing within the statutory timescale.

If the personal information requested is not held, the Access to Records Officer must inform the applicant as soon as possible.

In some cases it may be deemed appropriate to send a copy to the applicant in the post (for example, if they live too far away to travel to Bedfordshire). In these circumstances the applicant must be informed that it will be sent via recorded delivery and that they may wish to contact the Access to Records Officer to discuss their file once they have had the opportunity to read through it. If the applicant requests a paper version rather than a password protected disc, then a disclaimer letter will be sent to the applicant to sign, highlighting that BBC is not responsible for any loss of data due to the unsecure method of paper files. The file will be sent Recorded Delivery after this has been received.


14. Reapplication

Where an applicant has already accessed files previously and then reapplies for any further data that may have been added, the request will be treated as a new request and the relevant forms completed, and ID resupplied.


15. Open Case Access to Records

If an Access to Records in made and the case is open to Children’s Social Care (i.e. currently receiving a service) or has been closed for less than 6 months, then the request will be dealt with by the Social Worker/Team who were involved. All of the principles for handling subject access requests above apply to open cases also. Support Services are available for advice to workers dealing with open cases.


16. Further Information

Please see our leaflet (CS098_14).

End