National Guidance for Child Protection in Scotland 2021 Part 1: The context for child protection 30 Version 1.0 September 2021 1.145 Information sharing must be: • timely in relation to the child protection concern • secure in the manner in which it is shared • explicit in the records about any dispute in facts or opinions shared 1.146 Shared information and records held must: • state with whom the information has been shared and why • be accurate and up to date • be explicit about reasons for sharing or not sharing information 1.147 Information sharing that may be viewed as interfering with the right to private family life can only be lawful if it is done in a way that is proportionate to the achievement of a legitimate aim. 1.148 Seeking Advice. If in doubt about the boundaries of information sharing, practitioners should seek advice from their line managers. Further consultation may be necessary with agency advisors for GIRFEC and/or child protection. There should also be a governance lead to consult about the sharing of information in principle, without disclosing the identity of the individual. In any circumstances, agreement or disagreement and course of action or intervention should be recorded. 1.149 Within health services, Caldicott Guardians are senior persons appointed to ensure that personal information is processed legally, ethically and appropriately. Caldicott Guardians provide leadership and informed guidance on complex matters involving confidentiality and information sharing (A Manual for Caldicott Guardians) . If and when there is a decision to share information in relation to a child protection concern, then consideration should be given to the necessity to consult the child or young person’s named person (or equivalent, where applicable), and where there is one appointed, the lead professional. They may have information that is relevant to the concern. Records management 1.150 Effective records management policies include a well-structured file plan, standard file- naming conventions for electronic documents, and a clear retention policy about when to keep and delete documents. This will assist organisations with accountability and documentation obligations, including those relating to access to records. 1.151 Chronologies are a form of data processing. They may be shared or jointly compiled between agencies and can have a formative influence on inter-agency child protection assessment and planning. Further detail may be found in Part 3 of this Guidance. 1.152 Access to records. The right of access (known as subject access) is a fundamental right under data protection law. It allows individuals to find out what personal data is held about them and to obtain a copy of that data. The Information Commissioner has developed guidance (Right of access | ICO) about the rights that individuals have to access their personal data and the obligations on data controllers.