Little Wonderland Nursery

Information Sharing Policy

February 2026

1. Policy Statement

At Little Wonderland Nursery, we recognise that sharing information appropriately is essential for safeguarding and promoting the wellbeing of children. We are committed to ensuring that all information sharing is carried out in line with the UK GDPR, the Data Protection Act 2018, and Scottish guidance including Getting it Right for Every Child (GIRFEC).

We ensure that all personal information is:

  • Processed lawfully, fairly, and transparently
  • Used only for specified, explicit purposes
  • Kept accurate and up to date
  • Stored securely and retained only as long as necessary

2. Purpose

This policy ensures that:

  • Children’s wellbeing and safety are prioritised
  • Staff understand when and how to share information
  • Confidentiality is respected while recognising when sharing is necessary
  • Legal and regulatory requirements are met

3. Legal Framework

This policy is based on:

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Human Rights Act 1998
  • Children and Young People (Scotland) Act 2014
  • GIRFEC (Getting it Right for Every Child)
  • Guidance from the Care Inspectorate and ICO

4. Principles of Information Sharing

We follow these key principles:

  • Necessary and proportionate – Only share what is needed
  • Relevant – Information must relate to the purpose
  • Adequate – Enough information is shared to support decisions
  • Accurate – Information must be correct and up to date
  • Timely – Shared promptly when required
  • Secure – Shared safely and appropriately
  • Recorded – Decisions to share are documented

5. When Information Will Be Shared

We may share information when:

a) Safeguarding and Child Protection

  • If a child is at risk of harm or neglect
  • With agencies such as social work, health professionals, or police

👉 In these cases, consent is not required if:

  • Seeking consent would place the child at further risk
  • It would delay necessary action

b) Supporting Wellbeing (GIRFEC)

  • To support children’s wellbeing across SHANARRI indicators (Safe, Healthy, Achieving, Nurtured, Active, Respected, Responsible, Included)
  • With relevant professionals (e.g. health visitors, speech therapists, education staff)

c) With Parental/Carer Consent

We will normally seek consent before sharing information, for example:

  • Transition reports to school
  • Referrals for additional support
  • Sharing learning and development information

d) Legal Obligation

Information may be shared:

  • When required by law
  • In response to a court order
  • For regulatory inspections (e.g. Care Inspectorate)

6. Consent

  • Consent will be informed, specific, and freely given
  • Parents/carers have the right to withdraw consent at any time
  • Consent is not required where there is a safeguarding concern or legal duty

7. How Information is Shared

We ensure that information is shared:

  • Securely (encrypted email, sealed letters, secure systems)
  • Only with authorised individuals
  • Using professional judgement
  • In line with confidentiality expectations

Staff must:

  • Verify identity before sharing
  • Share minimum necessary information
  • Record what was shared and why

8. Confidentiality

All staff must:

  • Maintain confidentiality at all times
  • Not discuss children or families outside of professional contexts
  • Store records securely

Confidentiality may be breached only where a child is at risk of harm or where required by law.

9. Recording Information Sharing

We will record:

  • What information was shared
  • Who it was shared with
  • The reason for sharing
  • Whether consent was obtained (or why not)
  • Date and time

10. Roles and Responsibilities

  • Manager/Designated Person: Oversees information sharing decisions and ensures compliance
  • Staff: Follow policy and report concerns
  • Data Protection Lead: Ensures GDPR compliance

11. Training

All staff will receive training on:

  • Data protection and confidentiality
  • Safeguarding and child protection
  • GIRFEC and wellbeing indicators

12. Data Security and Storage

We ensure:

  • Paper records are stored in locked cabinets
  • Digital data is password-protected
  • Access is restricted to authorised personnel only

13. Breaches

Any data breach will be:

  • Reported immediately to management
  • Investigated promptly
  • Reported to the ICO if required

14. Review

This policy will be reviewed:

  • Annually
  • Or sooner if legislation or guidance changes

15. Links to Other Policies

  • Child Protection Policy
  • Confidentiality Policy
  • Data Protection Policy
  • Record Keeping Policy

16. Requests for Information from Solicitors

At Little Wonderland Nursery, we recognise that requests for information about a child may occasionally be received from solicitors acting on behalf of a parent, carer, or other party.

We will ensure that any such requests are handled in line with UK GDPR, the Data Protection Act 2018, and guidance from the Information Commissioner's Office.

Procedure

  • All requests from solicitors must be made in writing and clearly outline:
    • The information being requested
    • The purpose of the request
    • Evidence of authority to act on behalf of the parent/carer
  • We will:
    • Verify the identity of the solicitor
    • Confirm that they have appropriate consent or legal authority

Consent Requirements

  • Information will only be shared with a solicitor where valid written consent has been provided by a person with parental rights and responsibilities.
  • If consent is unclear, missing, or disputed:
    • We will not share information until clarification is obtained
    • We may seek advice from relevant authorities or legal professionals

Exceptions

Information may be shared without consent only where:

  • There is a legal obligation, such as a court order
  • There is a safeguarding concern and sharing is necessary to protect the child

Confidentiality and Minimisation

When responding to solicitor requests, we will:

  • Share only the minimum necessary information
  • Ensure information is accurate, factual, and objective
  • Avoid sharing third-party information unless legally required

Recording

We will keep a clear record of:

  • The request received
  • What information was shared
  • The legal basis for sharing
  • Whether consent was obtained
  • Dates and details of communication

Refusal to Share Information

We reserve the right to refuse a request where:

  • There is no valid consent or legal authority
  • Sharing would breach data protection law
  • It is not in the best interests of the child

Policy Reviewed by Stacey Sneddon