Bedford Borough Council Logo


Top of page

Size: View this website with small text View this website with medium text View this website with large text View this website with high visibility

6.3 Access to Records

RELATED GUIDANCE

Information Commissioners Office – Guide to Data Protection

AMENDMENT

In October 2016, a link was added to the Information Commissioners Office – Guide to Data Protection in the Related Guidance section.


Contents

  1. Introduction
  2. Purpose
  3. Context
  4. Rights of Access
  5. Requests Made By, or On Behalf of, A Child
  6. Requests On Behalf of a Person Lacking Mental Capacity
  7. Requests Made Through Another Person (An Agent / Advocate)
  8. Applications by Care Leavers
  9. Disclosure to Social Care Staff
  10. Disclosure to Researchers
  11. Disclosure to Other Agencies and Organisations
  12. Involving Service Users
  13. Withholding Information
  14. Third Party Information
  15. Access to Records Procedure
  16. Reapplication
  17. Contacts


1. Introduction

This procedure is for Children’s Services, where the Support Services Team is responsible for Social Care Access to Records requests for closed cases. There is a named Access to Records and Freedom of Information Officer within the team.


2. Purpose

To ensure that service users and carers are enabled to access their records in compliance with Data Protection legislation and that staff are consistent in their approach to access of files.


3. Context

The statutory framework relevant to this procedure are the Data Protection Act 1998 and The Access to Personal Files (Social Services) Regulations 1989.


4. Rights of Access

Under the terms of the Data Protection Act any living person has a right of access to personal information about themselves.

When a request for Access to Records is made this will apply to both manual and electronic files.

Social Care settings work with an “open case recording” principle, which encourages service users and carers to routinely have free informal access to information held on them.

When dealing with other agencies or individuals it is important to ask them if the jointly held information can be shared with the service user.

Requests for personal information will need to be authenticated before allowing access. An individual should provide at least two proofs of identity such as a passport, driving licence and utilities bill with an address, as well as proof of Parental Responsibility if applying for their children’s records. Further proof of change of name will also be required (marriage certificate etc).

Individuals can apply for access to their personal information through an agent or representative who will need to be verified. See Section 7, Requests Made Through Another Person (An Agent / Advocate) for further details.


5. Requests Made By, or On Behalf of, A Child

Where a child or young person under the age of 12 years makes a request for access to their information, the Access to Records Officer, together with relevant case workers, must decide whether or not he/she has sufficient understanding to do so. That is, does he/she understand the nature of the request? If so, then the request for access should be complied with.

If a child does not have sufficient understanding to make his/her own request, a person with parental responsibility (referred to below as the parent) can make the request on the child’s behalf. In this case the status of the person making the request will need to be verified.

Where the Access to Records Officer and the case worker considers that granting access to a parent is likely to result in serious harm to anyone or is not in the child’s best interest, they may refuse access. The reasons for refusal must be recorded in writing by the child’s social worker and included in the child’s file. If they are not happy with the decision, the parent may then make representation to the Information Commissioner, or the court, for access. 


6. Requests On Behalf of a Person Lacking Mental Capacity

If a person over 18 years of age with a mental illness has legal capacity i.e. she/he understands the nature of the request, she/he can request access.

If a person lacks capacity to manage their affairs, someone acting under an order of the Court of Protection or acting within the terms of a registered Enduring Power of Attorney can request access on his/her behalf. 


7. Requests Made Through Another Person (An Agent / Advocate)

If a person has capacity, and if she/he has appointed an agent, that person can make a valid request for access on behalf of the individual. If it is clear that the person has authorised the agent to make the request, the request must be met as if it had been made by the person. This also applies where a person is acting on another’s behalf, or under a general power of attorney, or an advocate. Proof of identity will be required before access is given.

If the request has come from a Solicitor acting on behalf of a service user, the Access to Records will be dealt with by Children’s Legal Services.


8. Application by Care Leavers

For further information see Children Act 1989 Guidance and Regulations Volume 3: Planning Transition to Adulthood for Care Leavers (revised January 2015) paragraphs 4.21-4.37 Access to Records.

When an application has been received from a care leaver, it is important that the request is acknowledged promptly and in writing, or other appropriate forms of communication if required. The care leaver should be informed about the process and procedure, timescales for dealing with such requests and the services that the authority is able to provide.

An acknowledgement should be sent to the care leaver within ten working days. confirming that records exist. If the authority knows that the care records do not exist, there should be no delay informing the care leaver. The letter should also indicate when they are likely to receive information from the care records and that:

  • The local authority will locate all existing records relating to the care leaver, including registers from children’s homes;
  • There is a statutory duty to respond to a subject access request within 40 calendar days. If it is not possible to meet this requirement, this should be explained to the care leaver, giving reasons and the timescale when the records will be available;
  • The care leaver will need to produce proof of their identity before the organisation can disclose any personal information however, if the person is already known the proof of formal ID is not required;
  • If the records cannot be located, the care leaver needs to be informed as soon as possible with information about the steps that will be taken to try to locate them. If records have been transferred to another local authority, the individual should be put in touch with the relevant organisation if this can be done. When records have been destroyed or mislaid, the care leaver must be informed as soon as possible and assistance given to assist the care leaver to locate other information and registers that may be available, such as, health and education records. 

It is important that the case worker has telephone or direct contact with the care leaver to introduce themselves and explain the process. It provides an opportunity for the care leaver to discuss what they are hoping to obtain from their records, how s/he would like these to be shared and what they already know about their family and history. The case worker can also offer and identify what support the care leaver would like to receive. The care leaver should be assured that s/he will receive comprehensive information about their family background and time in care including information already known to them. It is important to offer to telephone the care leaver after they have received and read their records and to inform them that the case worker is available to try and answer any questions or concerns they may have.

Local authorities should respond to requests from a direct descendant of a care leaver if information about family history is being sought.


9. Disclosure to Social Care Staff

Access to personal information will be made available to the designated employees with responsibility to prepare the files for access or for whom the information is necessary in order to carry out the service within Social Care settings and to meet statutory and legal obligations.


10. Disclosure to Researchers

In considering requests from research workers for personal information, the following principles will apply:

  • All research activity should be subject to ethical review. The degree of ethical scrutiny will be proportionate to the likely risks to services users and others involved in the research process;
  • The information will only be used in a manner which is consistent with benefit to people and will not be used in a manner which may cause damage or distress to the person;
  • The personal information used in statistical research will not be processed to support measures or decisions with respect to particular individuals;
  • Wherever possible, the consent of the person will be obtained;
  • Adoption information will not be disclosed to researchers unless the above principles are applied and authorisation has been gained in writing by the Secretary of State to obtain such information under regulations 15.2.6 of the Adoption Act Regulations 1983.

All general research requests will be most likely be dealt with by our Archives department.


11. Disclosure to Other Agencies and Organisations

In considering requests for access the best interests of the service user or carer must be borne in mind, especially where access is being given without the direct consent of the service user or carer. If there is any doubt about whether or not to give access to all or part of any record, Legal Services should be consulted.

Appropriate BIC807a form to be completed and permission received from the client unless it is a child protection issue.


12. Involving Service Users

Service users and carers should be given a copy of the leaflet ‘Accessing Your Social Care Records’.

Service users should be informed about all forms of information held.

Informal access to information (Open Case Recording) should be a normal part of casework. It should be recorded on the persons file when access has been shared.

Where possible, service users should be invited in for a discussion with the Access to Records Officer. This will allow the service user to fully explain their request and give as many details as possible to allow the records to be traced.

The service user has the right to challenge inaccurate information and to receive a copy of any such additions, amendments, deletions or notes that may arise from the challenge. Where agreement on changes cannot be reached and they remain the same this must be recorded on the record.


13. Withholding Information

Certain personal information is exempt from the disclosure requirements of the Data Protection Act. The exceptions are:

  • Prevention of Crime etc. The authority need not disclose information to the service user or person requesting the file on behalf of the service user which is held for the purposes of the prevention or detection of crime, or to apprehend or prosecute offenders if disclosure would be likely to prejudice one of these purposes;
  • Risk of Serious harm. The authority need not disclose information to the service user, or person requesting the file on behalf of the service user, if it believes this would prejudice the carrying out of social work intervention because it would be likely to cause serious harm to the physical or mental health or condition of the individual or another person;
  • Information about physical or mental health condition. The authority must not disclose this kind of information to the service user or person requesting the file on behalf of the service user without first consulting an ‘appropriate health professional’. This would normally be the person responsible for the individual’s current clinical care in connection with matters to which the information relates;
  • Other legislation. Where other legislation prevents disclosure, then the person cannot rely on the Data Protection Act 1998 to seek access to records. These include, for example, adoption records and reports; parental order records and reports. (Adoption Records are accessed through the Adoption Service; requests should be made directly to them.);
  • Refusal to access. If access is refused, this should be notified to the person requesting access as soon as practicable and in writing, even if the decision has also been given in person. The employee should record the reasons for the decision and explain these to the individual.


14. Third Party Information

Personal information may include details about another person (a third party). If disclosure would allow the third party to be identified the Access to Records Officer must confirm the third party’s consent before disclosure or this information must be redacted.

If a relative of the requester has deceased and the requester can provide a copy of the death certificate, the deceased person’s information can be disclosed, within reason.

If this information would have been highly confidential to the deceased then a decision may be made to redact this information.


15. Access to Records Procedure

Requests should be notified to the Access to Records Officer who will be responsible for responding to any requests. An acknowledgement of the request and to ask for any further information required to identify the individual and locate the information should be sent within 5 working days, along with the BIC 807 form.

Where the request is for access to an adoption file this should be directed to the Adoption Service.

Requests must be responded to within 40 calendar days of receiving the request. The 40 day period does not start until the following information has been received:

  • Two pieces of identification (1 photographic) and a proof of address;
  • Proof of name change if appropriate;
  • A completed BIC 807;
  • Proof of Parental Responsibility if appropriate;
  • A BIC807a if for professionals;
  • E-mail authorisation from professionals line manager;
  • A BIC807b if for Parents accessing data.

The Access to Records Officer is responsible for:

  • Locating all the relevant information;
  • Establishing the identification of individuals, to the best of our ability as LA workers, before the process begins;
  • Arranging access to the files;
  • Arranging an appropriate person to accompany professionals whilst they are accessing files, if appropriate;
  • Gaining third party consent of disclosure, where applicable;
  • Ensuring that any third party information where consent is not agreed is removed or anonymised before access;
  • Saving the redacted file to a password protected disc;
  • Completing within 40 calendar days of receipt of the request for access;
  • Monitoring the progress of all requests;
  • Logging on a cover sheet for the file the type of information removed, the page number and the reason it was removed;
  • Arranging collection or delivery of the files.

If the personal information requested is not held, the Access to Records Officer must inform the applicant as soon as possible. 

Where an appointment has been made to see records and no response has been received from the applicant (or if the applicant does not keep the appointment) a second appointment will be offered. If this fails a new access request will have to be made.

In some cases it may be deemed appropriate to send a copy to the applicant in the post (for example, if they live too far away to travel to Bedfordshire). In these circumstances the applicant must be informed that it will be sent via recorded delivery and that they may wish to contact the Access to Records Officer to discuss issues relating to the composition of their file once they have had the opportunity to read through it. If the applicant requests a paper version rather than a password protected disc, then a disclaimer letter will be sent to the applicant to sign, highlighting that BBC is not responsible for any loss of data due to the unsecure method of paper files. The file will be sent Recorded Delivery after this has been received.


16. Reapplication

Where an applicant has already accessed files previously and then reapplies for any further data that may have been added, the request will be treated as a new request and the relevant forms completed, and ID resupplied. This is to ensure, or in the event of a person changing their name, (through marriage etc) that they have the appropriate access as previously (i.e. the child may be older and now permission is needed etc.).

The 40 calendar day processing will still apply.

A reapplication for data will only result in subsequent data being supplied and not previous data already supplied.


17. Contacts

Access to Records Officer (Closed Social Care)
Support Services
Children’s and Adults’ Services
Bedford Borough Council
Borough Hall
Cauldwell Street
Bedford MK 42 9AP

Tel: 01234 228 721 Ext: 42721
E-mail: charlie.gartland@bedford.gov.uk

Service Manager
Support Services
Children’s and Adults’ Services
Bedford Borough Council
Borough Hall
Cauldwell Street
Bedford MK 42 9AP

Tel: 01234 276 643 Ext: 44643
E-mail: shaun.caplis@bedford.gov.uk

Where the request is to access Adoption Files
Adoption Service Duty Desk

Tel: 01234 718 718

The Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 01625 545 745 or 0303 123 1113

End