Stack of papers and two stamps labelled as 'Rules' and 'Regulations'

Identify the legislation that relates to the recording, storage and sharing of information in care settings

This page is designed to answer the following questions:

The Data Protection Act

The main piece of legislation relating to the recording, storage and sharing of information is the Data Protection Act 2018 (including GDPR).

The DPA was originally introduced in 1984 and has been updated regularly as technology has advanced. The latest incarnation came into force in 2018 and includes GDPR, which brings UK legislation in line with EU legislation.

The DPA balances an individual’s right to privacy and an organisation’s right to hold their data by ensuring that personal information is kept securely, can only be used for what it was originally intended when collected, be accurate and up-to-date and should be removed when no longer needed.

The key principles of the DPA are:

  • Fair, lawful, and transparent processing – data may only be processed for the reason that it was originally collected, organisations must be transparent about what they want to use the information for and must obtain the individual’s consent.
  • Purpose limitation – supports the previous point that data must only be used for the reason intended.
  • Data minimisation – only the minimum amount of personal data should be acquired to be used for the reason intended.
  • Accuracy – data must be accurate and up-to-date and systems must be in place to correct errors.
  • Data retention periods – data should be deleted if it is no longer needed for it’s intended purpose or the individual requests that it is erased (their right to be forgotten).
  • Data security – data should not be accessible or erasable by unauthorised persons.
  • Accountability – organisations must be able to prove that they are complying with data protection laws and regulation.

The Freedom of Information Act

The Freedom of Information Act 2000 allows individuals to request certain information held by public authorities, including the government, local authorities, the police force, hospitals and GP surgeries.

This does not cover private companies and organisations.

In addition, it gives individuals the right to look at anything written about them so if you work for a public authority you must be aware that anything you write about an individual may be viewed by them in the future. Therefore you must ensure that everything you record is accurate.

Agreed ways of working

Your employer’s agreed ways of working include their policies and procedures but can also include emails and verbal instructions. These are the ways that your employer requires you to work and should always be followed as they are designed to ensure that your work is within the law and meets best practices.

Some agreed ways of working that your employer may have relating to handling information can include:

  • Information handling policy and procedure
  • ICT policy including password policy
  • How you record information
  • How you store information
  • How information should be shared
  • Guidelines for ensuring confidentiality

Code of Conduct

The Code of Conduct for Healthcare Support Workers and Adult Social Care Workers in England has contains guidance for information handling relating to confidentiality, particularly in Standard 5: Respect people’s right to confidentiality.

Example questions and answers

1. Identify four key pieces of Legislation or Codes of Practice relating to handling information in social care settings.

Legislation or Codes of Practice relating to handling information in social care settings  include:

  • The Data Protection Act 1998
  • The Freedom of Information Act 2000
  • The Health & Social Care Act 2008 (specifically, Essential Standards)
  • ICO Data Sharing Code of Practice

2. Explain how legal requirements and codes of practice affect the day to day work of a social care worker in relation to handling information.

Legal requirements and codes of practice ensure that social care workers handle information in the correct way and without breaking the law.

This means that personal and sensitive data is stored securely and is only accessible by those that are authorised to do so. Social care workers may only share information if it is absolutely necessary. They must respect the rights of the person that they have information about by obtaining their consent before sharing information about them and ensuring they keep this information confidential. Information must be kept up-to-date.