Protecting children from harm and promoting their development and wellbeing is only possible where assessments, case plans, and interventions are based on adequate information. To do their job well, child protection practitioners need to be able to exchange relevant information with professionals and other members of the child’s extended family and community in a timely and effective manner. At the same time, it is important that the personal information of children, parents, and other individuals is handled with respect, and is not misused.
The Children, Youth and Families Act 2005 and other relevant legislation permit the sharing of confidential information in particular circumstances. The following advice explains in what circumstances information may be shared, and where specific restrictions apply.
The Child Protection Manual refers to ‘information’, reflecting the Children, Youth and Families Act (CYFA). Most of the information held by Child Protection about clients and others is personal, sensitive, or health information under Victorian privacy law, and therefore constitutes confidential information under child and family violence information sharing law.
Child protection practitioners are expected to share information appropriately to support effective collaborative practice and service provision to children and families in relation to protecting children, promoting their wellbeing, and assessing and managing family violence.
If you are uncertain about the management or disclosure of information, consider this and related advice in the manual, and seek advice from your supervisor. Further advice can be obtained from divisional privacy or legal officers or Legal Services.
The main pieces of legislation relevant to information sharing in child protection cases are:
- Children, Youth and Families Act 2005
- Child Wellbeing and Safety Act 2005
- Family Violence Protection Act 2008
- Privacy and Data Protection Act 2014
- Health Records Act 2001
The CYFA provides when and how information sharing is specifically authorised, restricted or prohibited in relation to child protection cases, and will cover most circumstances related to open child protection cases.
Where there are no specific provisions in the CYFA relevant to a particular circumstance, information sharing may be permitted or restricted under other legislation.
The Child Wellbeing and Safety Act establishes the Child Information Sharing Scheme (CIS or the child scheme). The child scheme enables professionals in prescribed organisations and services, that is, information sharing entities (ISEs), to share information to promote the wellbeing and safety of children. Child Protection is an ISE under the child scheme.
The Family Violence Protection Act establishes the Family Violence Information Sharing Scheme (FVISS or the family violence scheme). The family violence scheme enables prescribed ISEs to share information to assess or manage risk of family violence. Child Protection is prescribed under the family violence scheme to share information for both assessment and management purposes.
Where information sharing is not provided for in the CYFA or under one of these schemes, any sharing must be consistent with the information privacy principles set out in the Privacy and Data Protection Act or the Health Records Act (schedule 1of each Act).
Voluntary information sharing
The CYFA provides for information sharing in the context of child protection practice where a child protection practitioner believes on reasonable grounds that sharing the information is required to carry out delegated responsibilities under the CYFA (s. 192 ‘Disclosure and use of information under this Act’, as amended on 27 September 2018).
Specifically, if the Secretary or a protective intervener believes on reasonable grounds that it is required to perform their duties or functions or exercise their powers under the CYFA, they may request information from, disclose information to, or receive information from:
- the Secretary
- a protective intervener
- an information holder
- a service agency
- a registered community service, or
- any other individual.
The CYFA also provides that those from whom Child Protection requests information may disclose that information to Child Protection, and that such a disclosure made in good faith does not constitute unprofessional conduct or a breach of professional ethics, or expose the person to any liability.
Child Protection responsibilities under the CYFA include: receiving and assessing reports; providing advice, assistance and referral for services and support; investigating reports; and following substantiation, providing for the care and protection of children, and applying for and administering court orders.
These arrangements for the voluntary exchange of information in the course of child protection practice apply to all phases of practice under the CYFA: from intake, through investigation, protective intervention, and when administering protection orders, to closure, however specific policies apply to sharing information during the intake phase – see Intake Policy, this general provision does not over-ride the restrictions and prohibitions on sharing specific information in the CYFA set out below.
If a request for information is refused
If a request for information is refused, consult with your supervisor or team manager about strategies for seeking the required information. This may include providing additional information to the person who has refused, escalating the request within an organisation, and so on.
If a prescribed ISE has refused to provide information in response to a request under the CYFA, making a formal request under the Child Information Sharing Scheme (see below) enlivens the obligation upon them under that scheme to respond, and may be an appropriate step.
If an information holder persists in refusing, and all options for obtaining the required information have been exhausted, compelling disclose may be considered as a last resort (see Compulsory disclosure below).
Responsibility to provide information
Under s. 178 of the CYFA, if a child is in out-of-home care under a protection or therapeutic treatment (placement) order, Child Protection has a responsibility to provide information, including personal information, about the child, unless:
- the child is over 12 years and does not consent to the information being provided, and Child Protection considers their refusal of consent is reasonable
- Child Protection considers it is not in the best interests of the child to provide the information
- dispensation of service has been granted by the Court under s. 531 of the CYFA.
If Child Protection intends to place a child with someone other than the child’s parent, all the information known to Child Protection that is reasonably necessary to help the person to make an informed decision about whether or not to accept care of the child, must be provided to the prospective carer (s. 179(1) of the CYFA).
If Child Protection has placed a child in the care of someone other than the child’s parent, any information known to Child Protection about the medical status of that child must be provided to the child’s carer, to enable them to provide appropriate care for the child (s. 179(2) of the CYFA).
Restrictions on sharing specific information
Protecting the identity of reporters
The following sections of the CYFA are relevant:
Protection for reporters or referrers:
- s. 41 Identity of reporter or referrer confidential.
- s. 190 Evidence and legal proceedings
- s. 191 Confidentiality.
Types of reports or referrals:
- s. 28 Report to Secretary about child
- s. 29 Report to Secretary about unborn child.
- s. 31 Referral to community-based child and family service about child
- s. 32 Referral to community-based child and family service about unborn child
- s. 41 Identity of reporter or referrer confidential
- s. 183 Report to protective intervener
- s. 184 Mandatory reporting
Under the CYFA, the identity of any person who makes any of these types of reports to Child Protection or referrals to Child FIRST or The Orange Door, is confidential.
It is an offence for a person, other than the reporter, to disclose the identity of a reporter, or any information that is likely to lead to the reporter being identified (without the reporter's written consent) to anyone, except:
- to another protective intervener
- to a community-based child and family service
- in court proceedings where leave is granted to do so by the court or tribunal because it is necessary to ensure the safety and wellbeing of the child or in the interests of justice.
The above exemptions enable Child Protection to provide reporter details to Victoria Police (as police officers are protective interveners), and to Child FIRST or The Orange Door.
The exemption in s. 41 also allows reporter or referrer details to be exchanged within Child FIRST or The Orange Door and between one such service and another.
Any person who receives reporter or referrer details is also required to protect the reporter's identity.
New reports on existing cases
When a report is received where a case is currently open, the report is classified as a protective intervention report and dealt with as a new allegation on an existing case. As for all other reports, the reporter's identity is protected.
Protecting the identity of people providing information in confidence during an investigation
Child protection must not disclose the identity of persons providing information in confidence during the course of an investigation of a report, to anyone except another protective intervener (which includes police) or a person in connection with a court hearing or Victorian Civil and Administrative Tribunal (VCAT) review, or, in the case of a therapeutic treatment report, the Therapeutic Treatment Board, unless,
- the person gives their written consent, or
- in the case of a protective investigation, the Secretary believes on reasonable grounds that the disclosure is necessary to ensure the safety and wellbeing of the child, or
- in the case of a therapeutic treatment investigation, the Secretary believes on reasonable grounds that the disclosure is necessary to ensure the provision of assistance or therapeutic treatment for the child.
It is an offence to breach these provisions, and penalties apply (ss. 209 and 213 of the CYFA).
Access to reports to the Children's Court
Restrictions apply about who can have access to court reports, or parts of court reports. It is an offence to breach these restrictions, and penalties apply (ss. 552, 556, 559, 561, 562, 566, 570 of the CYFA). See Access to court reports – advice.
It is an offence for a child protection practitioner (or anyone else) who attends a conciliation conference to disclose the details of the conference without the leave of the court or the consent of all the parties to the conference (s. 226 of the CYFA).
Publication of identifying details
Restrictions apply to publishing a report of a proceeding in the Children’s Court likely to identify:
- a child or other party or a witness as involved in a proceeding in the Children’s Court
- a particular court venue
- a child as being subject to a Children’s Court order.
It is an offence for a person to breach these restrictions, and penalties apply (s. 534 of the CYFA). See Publication of identifying details - advice.
Child’s contact with registrable sex offender
Particular provisions apply to Child Protection disclosing information about a person who has been convicted of a registrable offence (s. 42D of the CYFA).
Before disclosing the information, Child Protection must take reasonable steps to notify the registrable offender of the intention to disclose the information, unless Child Protection believes on reasonable grounds telling the registrable offender would endanger the life or safety of any person.
Child Protection may only disclose information in relation to a registerable offender if they believe on reasonable grounds the disclosure is in the interests of the safety and wellbeing of the child referred to the information.
Penalties apply to unauthorised disclosure of the information set out in s. 42D of the CYFA by staff.
The CYFA provides that, despite anything to the contrary in the Act, any information may be disclosed to an officer of a child protection authority of a state or territory of Australia or of New Zealand if the information is required to assist them in carrying out duties or exercising powers under a child welfare law in their jurisdiction (Schedule 1 of the CYFA, clause. 26: Disclosure of information).
So, for example, information which would otherwise not be able to be disclosed, such as reporter details and the content of conciliation conferences, may be disclosed to the officer from the interstate/New Zealand child protection authority if necessary. All Australian states and territories and New Zealand are subject to legislation enabling information provision across state/national boundaries.
Each divisional child protection program has an interstate liaison officer (ILO) who should be consulted before contact with interstate departments is undertaken.
Compulsory disclosure of information
Compelling the disclosure of information to Child Protection is to be used as a last resort, where other means of gathering required information have been exhausted.
The CYFA (ss. 194 - 202 as amended on 27 September 2018) provides a limited power for the Secretary to personally authorise a senior officer to give a direction to an information holder (other than a police officer) to disclose information if the Secretary believes on reasonable grounds they have information relevant to the protection or development of a child.
The compulsion power is limited in several key ways.
- It is not available during the intake phase. This power is available from the beginning of the investigation phase through to closure, that is: in relation to a child subject to a protective intervention or therapeutic treatment report; an application to the Children’s Court; or a protection or therapeutic treatment order (s. 195).
- The authorisation power cannot be delegated by the Secretary, and must be exercised in each instance by the Secretary personally (s.17(1)(d)).
- Police officers are exempt (s. 195).
- Children's Court Clinic practitioners cannot be required to disclose any information or document relating to carrying out the Clinic’s functions (s. 196(4)).
- Information given or documents produced to an authorised officer in relation to a child in response to a compulsory disclosure direction must not be given in evidence in a legal proceeding other than a proceeding in relation to the child under Chapter 4 of the CYFA (s. 202).
Aside from the limitation in s. 202, once received, the Secretary may use and disclose the information or documents for a purpose relating to the protection or development of the child.
If making an authorisation under the compulsory disclosure provisions, the Secretary will authorise a senior officer (CPP6 or above) to issue the direction.
The authorised officer may then in writing direct any information holder (other than a police officer) to:
- give information, orally or in writing on any matter concerning the protection or development of the child
- produce documents that relate to any matter concerning the protection or development of the child
- give reasonable assistance in relation to the child.
The authorised officer is required to advise the information holder that the information provided may be disclosed to the Secretary and used for the protection and development of the child.
The information holder is required to provide the information or assistance to the authorised officer. This means the senior officer who has been authorised to issue the direction needs to be personally involved in receiving the response.
It is an offence for an information holder:
- to refuse to comply with a compulsory disclosure direction without reasonable excuse (s. 197)
- to give false or misleading information in response to a compulsory disclosure direction (s. 201).
The CYFA provides that medical professional privilege is not a reasonable excuse (s. 200), whereas self-incrimination (s. 198) and legal professional privilege (s. 199) are reasonable excuses for not complying with a compulsory disclosure direction.
Follow the Compulsory disclosure of information – procedure.
Classes relevant to information sharing
The following classes of people and agencies relevant to information sharing are established under the CYFA.
Certain professionals who may have contact with vulnerable children or their parents are defined as 'information holders' under the CYFA (s. 3 of the CYFA and r. 6 of the Children, Youth and Families Regulations).
To carry out its responsibilities, Child Protection can request and receive information from and disclose information to information holders. Information holders (other than police) may also be subject to a compulsory disclosure direction.
The following are information holders for the purposes of the CYFA:
- government department employees
- information sharing entities (ISEs) under the Child Information Sharing Scheme and Family Violence Information Sharing Scheme
- school teachers and principals, and kindergarten teachers
- registered medical practitioners – doctors and psychiatrists
- registered psychologists
- a person in charge of:
- a health service
- a mental health service
- a children's service
- a disability service (under the Disability Act or NDIS)
- a drug or alcohol treatment service
- an education and care service
- a family violence service
- a sexual assault support service
- a parenting assessment and skills development service
- a local government child and family service
- a placement support service for children in out-of-home care
- an employee of Family Safety Victoria.
Service agencies are government departments and service providers who may provide services to vulnerable families. To carry out its responsibilities, Child Protection can request and receive information from and disclose information to service agencies.
Following is the list of service agencies within the meaning of the CYFA and its Regulations:
- Victorian Government departments
- health service
- psychiatric service
- disability service (under the Disability Act or NDIS)
- drug or alcohol treatment service
- family violence service
- sexual assault support service
- parenting assessment and skills development service
- local government child and family service
- placement support service for children in out-of-home care
- Family Safety Victoria.
The precise meaning of these terms is more clearly defined in s. 3 of the CYFA and r. 7 of the CYF Regulations.
Registered community services
Community services are an integral part of the system of which child protection is also a part. They are organisations registered and funded to provide services to vulnerable children and families; out-of-home care services; and secure services. Such services include: Child FIRST; any agency within a support and safety hub - ‘The Orange Door’; family services; and out-of-home care services. These services are registered by the Secretary of the Department of Health and Human Services and are required to comply with service standards (ss. 3, 46, 47 of the CYFA).
The Child Information Sharing Scheme (CIS) permits the requesting and disclosure of confidential information between prescribed organisations (ISEs) for the purpose of promoting the wellbeing and safety of a child or group of children. ISEs are obliged to provide information in response to a request from another ISE (unless the information is exempt).
Details of the Child Information Sharing Scheme are set out in the Child Information Sharing Scheme Ministerial Guidelines, which are legally binding for all prescribed ISEs.
There will be situations beyond the circumstances covered under the CYFA where Child Protection holds information relevant to promoting the safety or wellbeing of a child or group of children.
For example, the Child Information Sharing Scheme may apply where
- the relevant information is held in closed case records
- information held by Child Protection in connection with a client may be relevant to promoting the safety or wellbeing of another child or group of children.
For information about how Child Protection operates in relation to the scheme, see Child Information Sharing Scheme and Child Protection.
The Family Violence Information Sharing Scheme (FVISS) authorises prescribed family violence information sharing entities (ISEs) to share information with one another for family violence risk assessment or risk management purposes. ISEs are obliged to provide information in response to a request from another ISE (unless the information is exempt).
There will be circumstances beyond those covered under the CYFA where Child Protection holds information relevant to family violence risk assessment or management.
Details of the Family Violence Information Sharing Scheme can be found at https://www.vic.gov.au/infosharing.html.
For example, the Family Violence Information Sharing Scheme may apply where
- the relevant information is held in closed case records
- information is held by Child Protection in connection with a client about an alleged perpetrator or perpetrator of family violence, and while sharing that information is not required in relation to that client, it is relevant to assessing or managing a risk of family violence to another child or to an adult.
Where there are no specific provisions in the CYFA governing the information sharing circumstance you are considering, and neither the Child Information Sharing Scheme nor the Family Violence Information Sharing Scheme apply, information sharing must be consistent with the Privacy and Data Protection Act or the Health Records Act.
The Health Records Act deals with health information and the Privacy and Data Protection Act deals with all other personal information. 'Personal information' is information or an opinion that is recorded about a person and which identifies or may identify that person.
Refer to Privacy legislation and Child Protection.
Sharing information appropriately is important
Sharing information appropriately in accordance with your responsibilities and obligations in the course of child protection practice is vital to protecting children and promoting their wellbeing. It enables collaborative practice around a child and family, to mobilise support and increase safety.
Inquiries into adverse events such as inquests and child death inquiries frequently identify insufficient sharing of information amongst professionals around a child and family as a problem.
You are expected to share information where this is required to carry out your responsibilities as a child protection practitioner, and to familiarise yourself with the circumstances where you are obliged to share information.
When gathering or sharing information
When contacting a person to gather or disclose information the child protection practitioner should explain:
- the purpose of the contact
- how the child protection practitioner is authorised to request, receive and disclose information, (usually the voluntary disclosure provisions of the CYFA)
- how the person is authorised to receive from and disclose to Child Protection information related to the case (usually the voluntary disclosure provisions of the CYFA)
- whether their identity is protected, and why it may be helpful for them to consent to their identity being disclosed as the source of the information
- how the information they provide may be used, for example, it may be used for the purposes of inclusion in a court report, or to promote a child’s safety or wellbeing.
Protecting client privacy
The manner in which information is communicated needs to be respectful, and to protect the privacy of clients and others to the extent that this is consistent with fulfilling your information sharing responsibilities.
All information needs to be handled with care. See Information security for further advice. Only child protection practitioners and community service contracted case management staff are authorised to have direct access to the client file. Certain other people (including the client) are allowed to see printed material from the client file in certain circumstances (for example, court reports). See Freedom of information.
Where information is shared with other people, it is important this is done with care. People should not be provided with more information than is relevant to the purpose for which the information is being shared, remembering the paramount consideration for Child Protection is promoting a child's best interests.
It is sometimes necessary to provide written information to other people about a client, for instance where making a referral. Every effort should be made to ensure only the relevant person or organisation is given access to it. Some simple measures to ensure the confidentiality of information are:
- delivering reports and referral forms personally and directly to the intended recipient
- using registered mail where appropriate when posting letters and documents
- when using email, confining personal information to an attachment that is password protected, and providing the password to the recipient by phone
- when making first visits to a family home, confirming the address is correct and verifying the identity of the occupant before divulging you are from child protection or the family name or other client details
- when faxing material, confirming the fax number is correct, always using a fax cover sheet marked 'confidential', confirming the recipient is available to receive the fax, and asking them to acknowledge receipt by phone.