Let us know if you agree to cookies

We use cookies to give you the best online experience. Please let us know if you agree to all cookies.

Skip to main navigation

Skip to main content

Third party requests for personal data and proactive disclosure of personal data

Third party requests for personal data and proactive disclosure of personal data

First published: 16 December 2022

We may receive requests for information from third parties relating to social workers, former social workers, and other individuals whose personal data we hold, such as witnesses, complainants, applicants and those appealing our decisions. This could include information that has been provided to us as part of the registration process or information that has been collected as part of our fitness to practise processes.

Examples of information that could be requested include:

  • Contact details
  • Statistics
  • Employment details
  • Whether the social worker is subject to a fitness to practise investigation
  • Details of allegations made against a social worker

Examples of third parties that could request information from us include:

  • Local authorities
  • Employers of social workers
  • Other regulators
  • Local Authority Designated Officers (LADOs)
  • The police
  • The Disclosure and Barring Service
  • The Department for Education

When determining whether to disclose the requested information, we will consider the following.

Information that is not personal data

In some circumstances the information requested will not be ‘personal data’ as defined in the UK GDPR. This could be the case when the information requested is for anonymised statistics, or relates to a deceased social worker. In these circumstances we would normally provide the information requested.

Personal data that has already been published on our register of social workers

If the personal data is currently, or was previously, published on our online register of social workers then it will normally be provided to the requester. Further information on what is published on our register can be found in our guide to the register and in our publications policy.

Personal data that has not been published on our register but has otherwise been published on our website

If the request relates to personal data that we have published but is not part of our register, such as registration and restoration hearings and decisions, this will be escalated to a senior member of staff who will determine if it should be disclosed. This will be determined using the decision making process described below in relation to disclosing non-public personal data relating to our statutory functions.

Personal data that we are required to disclose

In some circumstances a request for personal data may place a legal obligation on us to provide the information requested. This could be, for example, when information is requested via a court order, or when an organisation has quoted to us their legal powers to require the disclosure of information and we are satisfied these powers place a relevant requirement on us. Where a request for personal data places a legal obligation on us to provide the data, we will disclose the minimum amount of data to ensure that we have met our legal obligation.

Personal data requested by the police

Personal data that is required by the police, or other authorities with law enforcement powers, will normally be provided if it is established that the data is required for the prevention and detection of crime, or for the apprehension or prosecution of offenders. The minimum amount of data that is required for the purpose of the request will be disclosed.

Disclosing to requesters non-public personal data relating to our statutory functions

Where non-public personal data relating to our statutory functions is requested by organisations (other than those that have law enforcement powers or that have the legal powers to require disclosure from us), the request will be referred to a senior member of staff to consider. They will make a decision as to whether the information must or should be disclosed under our powers and duties to disclose personal data under the Children and Social Work Act 2017 and the Social Workers Regulations 2018 (as amended). Data will only be shared where there is a lawful basis for doing so under the Data Protection Act 2018 and UK GDPR.

In some cases, determining if we have a duty to disclose on request will require us to decide if we consider there is a public interest in disclosure. In these circumstances we will conduct a balancing exercise considering the following factors:

  • Whether the request relates to a risk to the public, and the severity of that risk.
  • Whether there is a clear purpose for sharing the data in relation to the risk to the public.
  • Whether Social Work England is the most appropriate organisation to provide the data.
  • Whether it would be appropriate to request consent from the social worker for the sharing of the data.
  • The likely expectations of the individual in relation to the use of their personal data.
  • Any relevant data protection principles under the UK GDPR.

The member of staff making the decision will be advised by the Data Protection Officer and, if necessary, the legal team.

Only the minimum amount of personal data required to fulfil the need for sharing the data will be disclosed. The disclosure considerations and decision will be clearly documented.

Proactive disclosure of personal data by Social Work England

Social Work England has the power to proactively disclose personal data relating to a social worker’s fitness to practise where we consider the disclosure relates to any of our statutory functions and does not breach the Data Protection Act 2018 or the UK GDPR.

We may use this power, for example, to proactively share with other regulators and bodies with a public protection or safeguarding remit:

  • the final published outcomes of fitness to practise cases
  • personal data about interim stages of our fitness to practise process, such as interim orders and the reasons they have been determined as necessary.

This list is not exhaustive.

We will only disclose personal data where we have a lawful basis for doing so under data protection legislation. We will only share the minimum amount of personal data to ensure the recipient has adequate, relevant information to be able to manage public protection and safeguarding risks, and will share no more than is necessary.

We are not required by our legislation to apply a public interest test but our guidance for decision-makers is clear that non-public personal data will only be shared where we consider the disclosure would be in the public interest.

 

Back to top