1. Introduction

Duty of candour relates to an organisation being open and transparent with people who use its services and other relevant people (that is those who are acting lawfully on the person’s behalf) in relation to care and treatment. An organisation should be open and honest when things go wrong.

It applies to all NHS trusts, foundation trusts, special health authorities and all other service providers or registered managers.

Specific requirements must be followed in relation to an adult’s care and treatment, including:

• informing people about an incident;
• providing reasonable support;
• providing truthful information;
• giving an apology if procedures have not been followed or things go wrong.

2. Openness and Transparency

The organisation must promote a culture that encourages candour, openness and honesty at all levels. This is an integral part of a culture of safety that supports organisational and staff learning. This commitment to openness and transparency extends to all levels of the organisation, from senior and middle managers, care and support workers and ancillary staff, including temporary staff. These policies and procedures support a culture of openness and transparency, as they can be accessed by adults and their families as well as by staff.

Staff operating at all levels must understand their individual responsibilities in relation to the duty of candour, and are supported to be open and honest with adults and apologise when things go wrong. Staff should receive appropriate training, and there should be arrangements in place to support staff who are involved in a notifiable safety incident. In cases a manager is made aware that something untoward has happened, they should treat the allegation seriously, immediately consider whether this is a notifiable safety incident and take appropriate action (see Section 3, Notification Process following an Incident).

2.1 Bullying

The organisation should be committed to taking action to tackle bullying and harassment in relation to duty of candour, and must investigate any instances where a member of staff may have obstructed another in exercising their duty of candour. A possible breach of the professional duty of candour by staff who are professionally registered, including the obstruction of another in such a duty, may lead to an investigation, disciplinary action and referral to the Care Quality Commission and / or their professional body.

3. Notification Process following an Incident

When a notifiable safety incident has occurred, the adult and / or relevant person must be informed as soon as reasonably practicable after the incident has been identified.

The organisation should inform its regulator and / or commissioner of any unintended or unexpected incident that occurred in respect of an adult when providing regulated activity that, in the reasonable opinion of a health care professional:

• appears to have resulted in:
  • the death of the adult, where the death relates directly to the incident rather than to the natural course of their illness or underlying condition (see Safeguarding Adult Reviews);
  • an impairment of the sensory, motor or intellectual functions of the adult which has lasted, or is likely to last, for a continuous period of at least 28 days;
  • changes to the structure of the adult’s body;
  • the adult experiencing prolonged pain or prolonged psychological harm; or
  • the shortening of the life expectancy of the adult; or
• requires treatment by a health care professional in order to prevent:
  • the death of the adult; or
  • any injury to the adult which, if left untreated, would lead to one or more of the outcomes mentioned above.

Where the degree of harm to the adult is not yet clear but may fall into the above categories in future, the adult and / or relevant person must be informed of the notifiable safety incident. There must be appropriate arrangements in place to notify the adult who is affected by an incident if they are aged 16 and over and lack the mental capacity to make a decision about their care or treatment (see Mental Capacity chapter). A person acting lawfully on behalf of the adult must be notified as the relevant person where they are under 16 and lack the mental capacity to make a decision regarding their care or treatment. A person acting lawfully on behalf of the adult must be notified as the relevant person, upon the adult’s death.

Other than the situations outlined above, information should only be disclosed to family members or carers where the adult has given their consent. A step by step account of all relevant facts known about the incident at the time must be given, in person, by one or more member of staff including a service manager as relevant. This should include as much or as little information as the adult and / or relevant person wants to hear, be jargon free and explain any complicated terms. The account of the facts must be given in a manner that the adult and / or relevant person can understand. Staff should consider whether interpreters, advocates, or other communication aids should be used, while being conscious of any potential breaches of confidentiality in doing so.

Staff must also explain to the adult and / or relevant person what further enquiries they will make. One or member of staff should give a meaningful apology, which is an expression of sorrow or regret, in person, to the adult and / or relevant person. In making a decision about who is most appropriate to provide the notification and / or apology, the organisation should consider seniority, relationship to the adult, and experience and expertise in the type of notifiable incident that has occurred. Following the notification of the incident given face to face, the relevant person must receive written notification of the incident, even though enquiries may not yet be complete. This must contain all the information that was provided at the face-to face meeting, including an apology and as well as the results of any enquiries that have been made since. The outcomes or results of any further enquiries and investigations must also be provided in writing to the adult and / or relevant person through further written notifications, if they wish to receive them.

The organisaiton must make every reasonable attempt to contact the relevant person through all available means of communication. All attempts to contact the relevant person must be documented (see Section 5, Record Keeping). If the relevant person does not wish to communicate with the organisation or a senior manager, their wishes must be respected and a record of this must be kept. If the relevant person has died and there is nobody who can lawfully act on their behalf, a record of this should also be kept. The organisation is not required by regulation to inform an adult when a ‘near miss’ has occurred and the incident has resulted in no harm to that person.

4. Action following an Incident

The organisation must give the adult and / or relevant person all reasonable support necessary to help overcome the physical, psychological and emotional impact of the incident. This could include all or some of the following:

• treating them with respect, consideration and empathy;
• offering the option of direct emotional support during the notifications, for example from a family member, a friend, a care professional or a trained advocate;
• offering help to understand what is being said, for example, through an interpreter, non-verbal communication aids, written information, Braille etc;
• providing access to any necessary treatment and care to recover from or minimise the harm caused where appropriate;
• providing the adult and / or relevant person with details of specialist independent sources of practical advice and support or emotional support / counselling;
• providing the adult and / or relevant person with information about available impartial advocacy and support services, their local Healthwatch and other relevant support groups, for example Cruse Bereavement Care and Action against Medical Accidents (AvMA), to help them deal with the outcome of the incident;
• arranging for care and treatment from another professional, team or provider if this is possible, if the adult and / or relevant person wishes;
• providing support to access the organisation’s complaints procedure.

See also South Tyneside Multi Agency Information Sharing Agreement

5. Record Keeping

See also Case Recording.

The organisation must keep a record of the written notification, along with any enquiries and investigations and the outcome or results of the enquiries or investigations. Any correspondence from the adult and / or relevant person relating to the incident must be responded to in an appropriate manner and a record of communications should be kept.

6. Organisational Learning

The organisation should ensure a culture in which it learns from incidents at all levels in order to ensure the future protection and safety of adults who use its services.

7. Training and Support

See also Safeguarding Training for Staff and Volunteers

Staff should receive appropriate training and there should be arrangements in place to support staff who are involved in a notifiable safety incident.

1. Introduction

Local authorities and Integrated Care Boards (ICBs) have equal and joint duties to prepare Joint Strategic Needs Assessments (JSNAs) and Joint Local Health and Wellbeing Strategies (JLHWSs), through the health and wellbeing board.

The purpose of the JSNA and JLHWS is to identify local needs to inform strategies and services to improve the health and wellbeing of the local community and reduce inequalities for all ages.

2. Joint Strategic Needs Assessment

A JSNA is an assessment of the current and future health and social care needs of the local community. These are needs that could be met by the local system and its partners, for example the local authority, Integrated Care Board, voluntary sector or the NHS.

The JSNA is produced by the local health and wellbeing board, and is unique to the local area. The health and wellbeing board should also consider a wide range of factors that impact on their communities’ health and wellbeing, and local assets that can help to improve outcomes and reduce inequalities. JSNAs should include information and outcomes for adult safeguarding. Each local area is free to undertake the JSNA in a way best suited to its local circumstances; there is no template or format that must be used and no mandatory data set to be included.

Within South Tyneside the approach taken includes asset within any assessment carried out and is therefore referred to as the JSNAA. The process of developing the key documents focuses on specific themes or topics rather than providing one overall needs assessment for South Tyneside. This approach enables individuals to access the relevant information more easily and allows documents to be updated more frequently as well as hosted on the website with a range of links to other supporting documents.

A range of quantitative (numeric) and qualitative (non-numeric) evidence should be used in the JSNA. There are a number of data sources and tools that the health and wellbeing board may find useful for obtaining quantitative data. Qualitative information can be gathered in a variety of ways, including views collected by the local Healthwatch organisation or by local voluntary sector organisations, feedback given to local providers by service users, and views fed in as part of community participation within the JSNA and JLHWS process.

3. Joint Local Health and Wellbeing Strategy

The JLHWS should turn the JSNA findings into clear outcomes that the health and wellbeing board wants to achieve, which will inform local commissioning, and the development of locally led initiatives that meet the outcomes agreed and the needs identified.

The JLHWS is the strategy for meeting the needs identified in the JSNA. As with JSNAs, it is produced by the health and wellbeing board, is unique to each local area, and there is no prescribed format.

However, the board must have regard to the integrated care strategy when preparing their joint local health and wellbeing strategies, as well as having regard to the NHS priorities and the statutory guidance.

The JLHWS should explain what priorities the health and wellbeing board has set in order to tackle the needs identified in the JSNA.

1. Introduction – Using Data to Improve Services

NHS Digital collect a range of data covering many aspects of adult health and social care. This includes data submitted by NHS trusts, local authorities, and providers.  Reports published by NHS Digital can be used to look at trends in adult social care and safeguarding adults activity at the national, regional and local level.

However, to measure the effectiveness of safeguarding adults practice locally, the Safeguarding Adults Board will also need to collect and analyse its own data. The Safeguarding Adult Board (SAB) is required under the Care Act 2014 to be able to share strategic information to improve local safeguarding practice.

Information which could be useful locally includes:

• data on safeguarding notifications to increase the SAB’s understanding of how widespread abuse and neglect is and how this may change over time;
• evidence of community awareness of adult abuse and neglect and how to respond.

The SAB annual report will also provide a summary of safeguarding adults activity in the local area and outline how it is meeting the aims of its business plan / strategic plan.

2. Safeguarding Adults Collection

Each year NHS Digital publishes the findings from data collected from local authorities under the Safeguarding Adults Collection (SAC).

The reports published provide details of safeguarding activity relating to adults aged 18 and over in England.

Data collected covers the following:

• number of safeguarding concerns;
• number of section 42 enquiries;
• types of risk;
• risk assessment and outcomes;
• making safeguarding personal;
• safeguarding adult reviews.

This data can be used by safeguarding adult partners to:

• understand trends in safeguarding concerns raised and enquiries conducted;
• analyse the profile of people involved in safeguarding enquiries, and the nature of the risk of abuse or neglect involved;
• supplement local data collected in relation to safeguarding practice and outcomes.

For more information see NHS Digital.

3. Deprivation of Liberty Safeguards

NHS Digital also collects a statutory annual return for Deprivation of Liberty Safeguards (DoLs).

Data collected from local authorities covers the following:

1. the number of DoLS application requests made;
2. the number of authorisation requests granted;
3. the number of authorisation requests not granted;
4. time taken to process DoLS applications.

See also  Deprivation of Liberty Safeguards (DoLS), under the Mental Capacity Act 2005 .

1. Introduction

A Multi-Agency Risk Assessment Conference (MARAC) is a local, multi-agency victim focused meeting where professionals meet to share information on high risk cases of domestic abuse.

Information about the risks faced by those victims, the actions needed to ensure safety, and the resources available locally are discussed, and used to create a risk management plan involving all agencies. The MARAC is part of a coordinated response to domestic abuse, incorporating representatives from statutory, community and voluntary agencies working with victims, adults experiencing or at risk of abuse or neglect, children and alleged perpetrators.

The MARAC aims to:

• share information to increase the safety, health and wellbeing of victims / survivors and their children;
• determine whether the alleged perpetrator poses a significant risk to any particular individual or to the general community;
• construct and jointly implement a risk management plan that provides professional support to all those at risk and that reduces the risk of harm;
• reduce repeat victimisation;
• improve agency accountability; and
• improve support for staff involved in high risk domestic abuse cases.

2. MARAC Attendance

The MARAC consists of a core group of professionals, representing the statutory and voluntary sectors. The meeting involves contribution and commitment from agencies including police, probation, children’s social care, adult social care (mental health, safeguarding adults), health, education, housing, substance misuse services, and specialist domestic abuse services. Other agencies can attend as required, when they have involvement in a case which is being discussed.

In South Tyneside, the MARAC meets weekly, and is chaired by the MARAC Co-ordinator from Northumbria Police.

The victim does not attend the meeting, nor the perpetrator or Crown Prosecution Service.

3. Independent Domestic Violence Advisors

Each victim referred to the MARAC will be allocated an Independent Domestic Violence Advisor (IDVA). The IDVA is a trained specialist whose goal is the safety of domestic abuse victims, focusing on victims at high risk of harm.

The IDVA will attempt to make contact with the referrer and the victim following receipt of a MARAC referral. The IDVA’s job is to be a bridge between victims and the MARAC meeting. The IDVA will try and meet the victim beforehand, or at least talk to them on the phone, and explain how the meeting works, what it can do, and what the options are.

The IDVA will also ask if there is anything the victim would want to be discussed at the meeting.

4. Making a Referral to MARAC

Referrals can be made (and are encouraged) by any agency who identifies a victim of domestic abuse as being high risk. To make a referral into the MARAC, a Risk Checklist  needs to be completed (see Section 5, DASH Checklist).

A DASH Risk Checklist will enable the practitioner to determine the level of risk posed to a victim. Upon meeting the MARAC threshold for high risk, the local MARAC coordinator / administrator should be contacted regarding making a referral. The case will be submitted for the next available MARAC; however in some circumstances, an emergency MARAC meeting may be called.

5. DASH Checklist

See Resources for Identifying the Risk Victims Face, DASH Checklist (SafeLives)

The DASH Risk Checklist is for all professionals working with victims of domestic abuse, stalking and honour based abuse.

The purpose of the checklist is to give a consistent and simple to use tool to practitioners who work with victims of domestic abuse in order to help them identify those who are at high risk of harm and whose cases should be referred to a MARAC meeting in order to manage the risk. The primary audience is front line practitioners working with victims of domestic abuse who are represented at MARAC.  This will include both domestic abuse specialists, such as independent domestic violence advisors (IDVAs), and generic practitioners such as those working in a primary care health service or housing.  However, a range of agencies can use the checklist with their clients or service users.

Risk in domestic abuse situations is dynamic and can change very quickly.  Therefore, as well as being used when you receive an initial disclosure of domestic abuse, it may be appropriate to review the checklist with a client on more than one occasion.  It is designed to be used for those suffering current rather than historic domestic abuse and ideally would be used close in time to the last incident of abuse that somebody has suffered. Using an evidence based risk checklist tool increases the likelihood of the victim being responded to appropriately and therefore of addressing the risks they face.  The risk checklist provides practitioners with common criteria and a common language of risk. The risk checklist should be introduced to the victim within the framework of an agency’s confidentiality policy, information sharing policy and protocols and its MARAC referral policies and protocols.

6. Assessing Risk

Practitioners must follow agreed protocols when referring to MARAC and children’s social care (see Local Contacts).  It is important for practitioners to use professional judgement in all cases.  The results from a checklist are not a definitive assessment of risk; they merely provide a structure to inform judgement and act as prompts to further questioning, analysis and risk management whether via a MARAC or in another way.

6.1 High risk victims

If the victim is assessed as high risk, a referral should be made to both the MARAC Coordinator and to the IDVA service. This, in itself, will not keep a victim safe and practitioners should consider what other actions are necessary including making a safeguarding referral where appropriate. Further information can be found in the South Tyneside Domestic Abuse Guide and Service Directory.

7. Interface with Safeguarding Adults

When deciding whether MARAC or safeguarding is the most appropriate process for a particular case, consideration should be given as to which process is most relevant in order to be able to resolve the issue. All involved professionals should discuss and agree the most appropriate process.

Referrals and involvement in both processes at the same time may result in confusion and duplication. Whichever process is followed, the main priority is always the safety and wellbeing of the adult (and any other adults at risk / children involved). Multi-agency safeguarding planning will be key in whatever process is used.

At MARAC meetings the adult will not be present (as may also be the case for safeguarding meetings); however either an IDVA or a victim support worker will be present to advocate on behalf of the adult.

Multi-Agency Public Protection Arrangements (MAPPA) may also need to be considered in relation to an offender (see Multi-Agency Public Protection Arrangements chapter).  Again, consideration needs to be given by all professionals as the most appropriate process.

When considering a referral to MARAC or adult safeguarding, professionals from any agency should adhere to these procedures and work to ensure the best interest of the adult.

1. Introduction

The purpose of MAPPA is to help reduce the re-offending behaviour of sexual and violent offenders in order to protect the public, including previous victims, from serious harm. It should also ensure that comprehensive risk assessments are undertaken and robust risk-management plans put in place. MAPPA takes advantage of coordinated information-sharing across the agencies on each MAPPA offender, and ensures that appropriate resources are directed in a way which enhances public protection.

MAPPA is not a statutory body in itself but is a mechanism through which agencies can better discharge their statutory responsibilities and protect the public in a coordinated way.

It aims to do this by ensuring that all relevant agencies work together effectively to:

• identify all relevant offenders complete comprehensive risk assessment that takes advantage of coordinated information sharing across the agencies; and
• devise, implement and review robust risk management plans and focus the available resources to best protect the public from serious harm.

The NPS, police and prison service are responsible authorities required to ensure the effective management of offenders. However NHS, social services, education and housing all have a duty to cooperate under the Criminal Justice Act 2003.

2. Responsible Authorities and Duty to Cooperate Agencies

The Responsible Authority is the primary agency for MAPPA. This is the police, prison and probation service in each area, working together. The Responsible Authority has a duty to ensure that the risks posed by specified sexual and violent offenders are assessed and managed appropriately.

Other bodies have a duty to cooperate with the Responsible Authority in this task. These duty to cooperate agencies (DTC agencies) will need to work with the Responsible Authority on particular aspects of an offender’s life, for example education, employment, housing, social care. These agencies include:

• adult and children’s social care services;
• local education authorities;
• youth offending teams;
• National Health Service providers;
• local housing authorities;
• registered social landlords who accommodate MAPPA offenders;
• Jobcentre Plus;
• electronic monitoring providers;
• UK Visas and Immigration.

3. Identification and Notification

The first stages of the process are to identify offenders who may be liable to management under MAPPA as a consequence of their caution or conviction and sentence. This responsibility falls to the agency that has the leading statutory responsibility for each offender. Offenders are placed into one of three MAPPA categories according to their offence and sentence:

• category 1: registered sexual offenders;
• category 2: violent and other sexual offenders (violent – 12 months or more sentence of imprisonment for violent offence, other sexual offenders and those subject to hospital orders with restrictions);
• category 3: other dangerous offenders – a person who has been cautioned for or convicted of an offence which indicates that he or she is capable of causing serious harm and which requires multi-agency management. It could also include those offenders on a community order who are, therefore, under the supervision of the probation service.

4. Levels of Management

MAPPA offenders are managed at one of three levels according to the extent of agency involvement needed and the number of different agencies involved.

Level 1: ordinary agency management – ordinary agency management level 1 is where the risks posed by the offender can be managed by the agency responsible for the supervision or case management of the offender. The majority of offenders are managed at level 1. This involves the sharing of information but does not require multi-agency meetings.

Level 2: active multi-agency management – cases should be managed at level 2 where the offender:

• is assessed as posing a high or very high risk of serious harm; or
• the risk level is lower but the case requires the active involvement and co-ordination of interventions from other agencies to manage the presenting risks of serious harm; or
• the case has been previously managed at level 3 but no longer meets the criteria for level 3; or
• multi-agency management adds value to the lead agency’s management of the risk of serious harm posed;

Level 3: active enhanced multi-agency management – level 3 management should be used for cases that meet the criteria for level 2 but where it is determined that the management issues require senior representation from the Responsible Authority and DTC agencies. This may be when there is a perceived need to commit significant resources at short notice or where, although not assessed as high or very high risk of serious harm, there is a high likelihood of media scrutiny or public interest in the management of the case and there is a need to ensure that public confidence in the criminal justice system is maintained.

5. MAPPA Meetings

The vast majority of MAPPA offenders will be managed through the ordinary management of one agency, although this will usually involve the sharing of information with other relevant agencies.

The structural basis for the discussion of MAPPA offenders who need active interagency management, including their risk assessment and risk management, is the MAPP meeting.

The Responsible Authority agencies and the MAPPA Coordinator are permanent members of these meetings. The DTC agencies should be invited to attend for any offender in respect of whom they can provide additional support and management. The frequency of meetings depends on the level of management deemed appropriate for each offender.

1. Introduction and Definition

1.1 Definition of No Recourse to Public Funds

The immigration status of a person who is not a British citizen (non-UK national) determines whether they are able to work and access public funds – such as welfare benefits – in the United Kingdom (UK).

A person has no recourse to public funds (NRPF) if they are ‘subject to immigration control’. This means a person is not usually entitled to welfare benefits or public housing (although there are some exceptions).

Section 115 Immigration and Asylum Act 1999 states that a person will be ‘subject to immigration control’ if they have:

• Permission (known as ‘leave’) to enter or remain in the UK, which has a NRPF condition attached (for example they are given permission to enter or remain on a temporary basis, such as to visit, study or work);
• permission to enter or remain in the UK where a ‘maintenance undertaking’ is required. This is when someone else is a sponsor for a person’s immigration application and signs an agreement to say they will provide the person with accommodation and financial support whilst they are in the UK;
• permission to enter or remain in the UK while they await the decision of their immigration appeal;
• they do not have permission to enter or remain in the country when they are required to have this. This means that anyone who is required to have permission to enter or live in the UK but does not have this, will be subject to immigration control. This includes people who are seeking asylum and people who:
  • entered the UK illegally;
  • stayed past the date when their visa expired; or
  • are Appeal Rights Exhausted (ARE) following an unsuccessful asylum or immigration claim.

The statement ‘no public funds’ will be written on the person’s immigration documentation, if they have immigration permission with NRPF.

People who have no recourse to public funds are not usually entitled to receive welfare benefits. They also have no entitlement to local authority housing or assistance from the local authority in relation to homelessness.

There are exceptions to these rules in certain circumstances; for example, a person who has permission to remain with NRPF may still be able to claim certain benefits without this affecting their immigration status. See Public Funds Caseworker Guidance (Home Office) for more information.

1.2 Recourse to Public Funds

People with the following types of immigration status will have recourse to (be able to access) public funds:

• indefinite leave to enter or remain or no time limit (apart from an adult dependent relative);
• right of abode;
• exempt from immigration control;
• refugee status;
• humanitarian protection;
• leave to remain granted under the family or private life rules where they are accepted by the Home Office as being destitute or at risk of imminent destitution;
• Hong Kong British nationals overseas BN(O) leave, when they have been accepted by the Home Office as being destitute (this means they are very poor and have no money to provide for themselves) or at risk of immediate destitution;
• Settled status granted under the EU Settlement Scheme (EUSS) and, in some cases, pre-settled status, although they will need to satisfy a right to reside test and DWP requirements to qualify for benefits and / or local authority housing assistance;
• discretionary leave to remain, for example:
  • leave granted to a person who has received a decision from the Home Office that they are a victim of trafficking or modern day slavery;
  • destitution domestic violence concession;
  • unaccompanied asylum-seeking child.

People who have lived in the UK for several decades can be in the country legally even if they do not have documents confirming this. In such cases, the person may be able to apply to the Windrush Scheme and apply for a document that proves they can live and work in the UK.

2. Asylum Seekers

When an asylum seeker presents to the local authority and appears to have care and support needs, they must be assessed under the Care Act 2014 in the usual way, and provided with care and support if the assessment concludes they have eligible needs.

Even if an asylum seeker is waiting for a decision from the Home Office, or the outcome of any appeal,, they are still able to receive care and support from the local authority, if the Care Act assessment concludes they are eligible.

If an asylum seeker, who has received the final decision of their asylum claim, presents to the local authority and appears to have care and support needs, they must also be assessed in the usual way under the Care Act, but the provision of care and support may be subject to a human rights assessment depending on their immigration status and whether they are in a group excluded by Schedule 3 of the Nationality, Immigration and Asylum Act 2002.

In certain circumstances, destitute refused asylum seekers may be provided with support from the Home Office under section 4 of the Immigration and Asylum Act 1999. They need to show that they:

• are taking all reasonable steps to leave the UK;
• are unable to leave the UK due to physical impediment;
• have no safe route of return;
• have been granted leave to appeal in an application for judicial review concerning their asylum claim; or
• require support to avoid a breach of their human rights, for example they have made further submissions for a fresh asylum claim.

The support provided comprises accommodation and subsistence, which is intended to cover the costs of food, clothing and toiletries, through a card that can be used in shops but not to withdraw cash. Subsistence support cannot be provided independently of accommodation.

The following organisations provide information and asylum support:

• Home Office: Asylum Support How to Claim;
• Migrant Help (assistance with applications);
• Asylum Support Appeals Project (assistance when support is refused).

3. Adult Safeguarding

People with no recourse to public funds may be at increased risk of domestic abuse or exploitation due to their unsettled immigration status and a lack of access to benefits and mainstream housing service.

Section 42 of the Care Act 2014 requires the local authority to undertake a safeguarding adults enquiry to decide whether any action needs to be taken to prevent or stop an adult being abused or neglected (see Safeguarding Adults chapter).

The Care and Support Statutory Guidance states that abuse or neglect includes modern slavery which covers slavery; human trafficking; forced labour; domestic servitude and where traffickers and slave masters coerce, deceive and force people into a life of abuse, servitude and inhumane treatment (see Modern Slavery chapter).

Whatever a person’s nationality or immigration status, the local authority should always follow safeguarding adults procedures and carry out a safeguarding adults enquiry and take any necessary action to stop abuse or neglect.

3.1 Modern slavery

See also Modern Slavery chapter.

Local authorities must consider and investigate when they suspect a person may be a victim of trafficking or modern slavery, or when a confirmed victim who has NRPF requests care and support or requires housing.

When a person is identified as being a potential victim of trafficking or modern slavery, the local authority must notify the National Referral Mechanism (NRM).

A referral should also be made to the NRM for support if the person consents to this.

If the person does not consent to a referral to the NRM, the local authority must still notify the Home Office.

When a referral is made to the NRM, housing and subsistence support are provided by the Salvation Army and partner organisations for 45 days.

1. Introduction

Local authorities are required to meet the care and support needs of adults who are ‘ordinarily resident’ in their area (or who are present there but have no settled residence). Ordinary residence is, therefore, crucial in deciding which local authority is required to meet the care and support needs of adults, and their carers. Whether the adult is ordinarily resident in a local authority area is a key test in determining where responsibilities lie for the funding and provision of care and support.

Ordinary residence is not a new concept; it has been used in care and support for many years. Usually establishing ordinary residence is straightforward, and the Care and Support Statutory Guidance contains guidance on how it is decided in some more complex situations, such as when a person is away at university for part of the year or has more than one home.

If local authorities cannot agree about ordinary residence, there is a process for appealing to the Secretary of State.

2. How does Ordinary Residence affect the Provision of Care and Support?

The test for ordinary residence is used to determine which local authority is responsible for meeting needs, applies differently in relation to adults with needs for care and support and carers. For adults with care and support needs, the local authority in which the adult is ordinarily resident will be responsible for meeting their eligible needs. For carers, however, the responsible local authority is the one where the adult being cared for is ordinarily resident.

The process of determining ordinary residence must not delay the process of meeting the adult’s care and support needs. In cases where ordinary residence is not certain, the local authority where the adult is physically present should meet the person’s needs first, while the question of ordinary residence is resolved.

3. How to Determine Ordinary Residence

Ordinary residence is not defined in the Care Act, but court cases have established that the term should be given its ordinary and natural meaning.

Local authorities should apply the principle that ordinary residence is the place a person has voluntarily adopted for a settled purpose, whether for a short or long period of time. Ordinary residence can be acquired as soon as a person moves to an area, if their move is voluntary and for settled purposes, irrespective of whether they own, or have an interest in a property in another local authority area. There is no minimum period in which a person has to be living in a particular place for them to be considered ordinarily resident there, because it depends on the nature and quality of the connection with the new place.

4. Cases where a Person Lacks Mental Capacity

See also Mental Capacity

All issues relating to ordinary residence and mental capacity should be decided with reference to the Mental Capacity Act 2005 (MCA). Under the MCA, it must always be assumed that adults have capacity to make their own decisions, including decisions about where they live and the type of accommodation they would like, unless following a mental capacity assessment it is decided they do not have mental capacity to make those decisions.

The test for mental capacity is specific to each decision at the time it needs to be made, and a person may have capacity to make some decisions but not others. It is not necessary for a person to understand local authority funding arrangements to have capacity to decide where they want to live.

If an adult lacks mental capacity to make a particular decision, the MCA explains clear how decisions should be made for them. For example, if a person lacks mental capacity to decide where to live, a best interests decision about their accommodation should be made. Any act done, or decision made (including decisions relating to where a person without mental capacity should live), must be done or made in their best interests. The MCA provides a checklist to use when working out what is in the best interests of a person who lacks mental capacity.

1. Introduction

Data protection legislation should not be seen as an obstacle to sharing information, but as a framework of best practice which helps to ensure that when the local authority uses, records and shares information it does so safely and in a way which is transparent and in line with the law.

Partner agencies of the South Tyneside Safeguarding Adults Board collect, store, use and retain (for specified time periods) information about people with whom they work. This includes:

• adults who use (or previously used) their services, including their families and any children;
• staff; and
• suppliers.

When processing data in this way, organisations must comply with the requirements of the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (UK GDPR).

Organisations must also ensure through their procedures and working practices, that all employees, contractors, consultants, suppliers and partners who have access to any personal data held by or on behalf of the organisation are fully aware of and abide by their duties and responsibilities under data protection legislation. Any contracts with service providers must be clear about the different parties’ responsibilities for data processing and information sharing.

Personal information must be handled and dealt with in accordance with data protection legislation however it is collected, stored, recorded and used, and whether it be on paper, on computer or digital records or recorded in any other way.

Organisations may also be required to collect and use information in order to comply with the requirements of central government, such as in the case of a Safeguarding Adults Review or Care Quality Commission inspection.

2. Legislation

2.1 Data Protection Act 2018

The Data Protection Act 2018 (DPA)  aims to ensure that UK data protection legislation keeps pace with technological changes, and the impact these have had on the collection and use of personal data.

2.2 UK General Data Protection Regulation

The UK General Data Protection Regulation (UK GDPR) sets out the key principles, rights and obligations for processing personal data. For more information see, UK GDPR: Guidance and Resources, Information Commissioner’s Office.

The GDPR:

• gives individuals greater control of their data by improving consent processes; and
• introduced the ‘right to be forgotten’ which enables the data subject to have their data ‘forgotten’ in certain circumstances.

If staff receive a query about the collection or processing of personal data, they should contact their Information Governance team / Data Protection Lead for advice.

3. Principles of Data Protection: Article 5 DPA

Anyone processing personal data must comply with the principles laid down the DPA and UK GDPR. These are legally enforceable and require that when personal data is processed (see also Section 3.2 What is personal data under Article 4?) it must be:

• lawful and fair and carried out in a transparent manner in relation to the data subject. (lawfulness, fairness and transparency principle);
• specified, explicit and legitimate and not further processed for other purposes incompatible with those purposes (purpose limitation principle);
• adequate, relevant and not excessive to what is necessary in relation to the purposes for which data is processed (the data minimisation principle);
• accurate and kept up to date (the accuracy principle);
• kept for no longer than is necessary for the purposes for which the personal data is processed (the storage limitation principle); and
• stored in a way that ensures appropriate security including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures (the integrity and confidentiality principle and the accountability principle).

3.1 Handling personal data and or sensitive personal data

The DPA outlines conditions for the processing of personal data, and makes a distinction between personal data and sensitive personal data.

Personal data is is any information relating to a living person who can be identified or who is identifiable, directly from that information, or who can be indirectly identified from that information in combination with other information

3.2 What is Personal Data under Article 4 GDPR?

Personal data is:

• any information relating to an identified or identifiable natural person such as:

1. 1. a name;
   2. an identification number;
   3. location data;
   4. an online identifier such as an IP address or cookies; or
   5. an email address.

3.3 Special Categories of Data (sensitive personal data): GDPR Article 9

Special category data is personal data that needs more protection because it is sensitive. It includes personal data which reveals:

• racial or ethnic origin;
• political opinion;
• religious or other beliefs;
• trade union membership;
• physical or mental health or condition;
• sexual life or sexual orientation.

3.4 Identifying a lawful basis for sharing information 

Article 6 of the UK GDPR providers practitioners with a number of lawful bases for sharing information. At least one of these must apply whenever personal data is processed.

Where practitioners need to process and share special category data (sensitive personal data), they need to identify both a lawful basis for processing under Article 6 of the UK GDPR and a special category condition for processing in compliance with Article 9 (see: Lawful basis (Information Commissioner’s Office));

4. Data Protection Practice

The organisation must:

• observe fully conditions regarding the fair collection and use of personal information;
• meet its legal obligations to specify the purpose for which information is used;
• collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
• ensure the quality of information used;
• apply strict checks to determine the length of time information is held;
• take appropriate technical and organisational security measures to safeguard personal information;
• ensure that personal information is not transferred abroad without suitable safeguards;
• ensure that the rights of people about whom the information is held can be fully exercised under data protection legislation. These include:
  • the right to be informed that processing is being undertaken;
  • the right of access to one’s personal information within the statutory timescale;
  • the right to prevent processing in certain circumstances;
  • the right to correct, rectify, block or erase information regarded as wrong information.

In addition, the organisation should ensure that:

• there is someone with specific responsibility for data protection;
• everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
• everyone managing and handling personal information is appropriately trained to do so;
• everyone managing and handling personal information is appropriately supervised;
• anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public, knows what to do;
• queries about handling personal information are promptly and courteously dealt with;
• methods of handling personal information are regularly assessed and evaluated;
• performance with handling personal information is regularly assessed and evaluated;
• data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures.

All employees should be aware of their organisation’s data protection policy and of their duties and responsibilities under the DPA.

All managers and staff will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:

• paper files and other records or documents containing personal / sensitive data are kept in a secure environment;
• personal data held on computers and computer systems is protected by the use of secure passwords, which where possible have forced changes periodically;
• passwords must not be easily compromised and must not be shared with others;
• personal data must only be accessible to team members with appropriate access levels;
• data in all forms must be disposed of by secure means in accordance with local policies.

All contractors, consultants, suppliers and partners must:

• ensure that they and all of their staff who have access to personal data held or processed for or on behalf of the organisation, are aware of this policy and are fully trained in and are aware of their duties and responsibilities under data protection legislation. Any breach of any provision of the legislation will be deemed as being a breach of any contract between the organisation and that individual, partner or firm (see Report a Breach, Information Commissioner’s Office);
• allow data protection audits by the organisation of data held on its behalf (if requested);
• indemnify the organisation against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation.

All contractors and suppliers who use personal information supplied by the organisation will be required to confirm that they abide by the requirements of data protection legislation in relation to such information supplied by the organisation.

The organisation must also:

• ensure data subjects are given greater control of their data by improving consent processes. Consent must be freely given, specific, informed and give a clear indication of their wishes. This must be provided by a statement or clear affirmative action, signifying the individual’s agreement to the processing of their personal data;
• ensure that data subjects have the ‘right to be forgotten’ in certain circumstances;
• keep a record of data operations (mapping data flow within the organisation) and activities and assess if it has the necessary data processing agreements in place, and take action to remedy if not;
• carry out data protection impact assessments (DPIAs) on its products and systems;
• designate a data protection officer (DPO);
• review processes for the collection of personal data;
• be aware of the duty to notify the Information Commissioner’s Office (ICO) of a data breach (the relevant supervisory authority);
• ensure ‘privacy by design’ and ‘privacy by default’ in new products (such as a case new recording system) and assess whether existing products used by the organisation meets the new data protection standards and take action accordingly to ensure compliance.

5. Redaction of Third Party Data

Before sharing information, personal data relating to third parties must be redacted (removed) in order to protect their privacy. For example, where case records include references to other people, such as the adult’s family and friends, it is likely some of this information will need to be withheld (redacted) before the record can be shared.

Under the Data Protection Act, it is for each organisation to weigh up how ‘reasonable’ it is to share another person’s information in each case (for example it may be reasonable to share information about another family members’ health condition if is likely to be hereditary). The Act is clear however that any person who appears in records because they were employed to provide care or received payment for providing a service, or acted in an official capacity, should not be treated as ‘third party’. This means that the names and information of social workers and other professionals should not be redacted from case records.

6. Rights of the Data Subject

Any person whose information is being processed has the following rights:

• to be informed of data processing (for example a privacy notice);
• to be able to access information free of charge (also known as a subject access request) – there is a one month time limit for an organisation to respond to any such request;
• to have inaccuracies corrected;
• to have information erased (although this is not an absolute right);
• to restrict processing;
• to have data portability;
• intervention in respect of automated decision making;
• to be able to withdraw consent;
• to complain to the Information Commissioner’s Office (ICO).

6.1 Right to be informed (Section 44 DPA)

A person whose information is being processed should have access to a privacy notice, setting out:

• lawful basis for processing;
• contact details for the Data Protection Officer (DPO);
• what information will be processed;
• who it will be shared with and why;
• how long it will be held;
• details of rights;
• how to complain.

6.2 Rectification (Section 46 DPA)

A person whose information is being processed has the following rights:

• to rectify or correct inaccurate information;
• if information is incomplete it must be completed;
• rectification or correction can be achieved by the provision of a supplementary statement;
• where the rectification is of information maintained for the purposes of evidence, instead if rectifying, the processing should be restricted;
• be informed in writing if request has been granted and if not the reasons for this.

7. Action if there is a Data Breach

A breach of data security can be either accidental, deliberate or unlawful and can involve:

1. destruction;
2. loss;
3. alteration;
4. unauthorised disclosure;
5. unauthorised access.

A breach covers accidental and deliberate causes and is more than just losing personal data.

7.1 Examples of data breaches

These are commonly occurring breaches:

• access by an unauthorised party, including a third party;
• deliberate or accidental action (or inaction) by a controller or processor;
• sending personal data to an incorrect recipient;
• computing devices containing personal data being lost or stolen;
• alteration of personal data without permission; and
• loss of availability of personal data.

7.2 What constitutes a serious data breach?

A serious data breach:

• is where it is likely to result in a risk to the rights and freedoms of individuals. If unaddressed such a breach is likely to have a significant detrimental effect on individuals – for example, result in discrimination, damage to reputation, risk of physical harm, financial loss, loss of confidentiality or any other significant economic or social disadvantage;
• must be assessed on a case by case basis;
• must consider these factors: detriment / nature of data / volume (detriment includes emotional distress as well as both physical and financial damage).

All serious data breaches must be reported to the ICO within 72 hours of becoming aware of the breach. See ICO for further information.