In a significant development, schools and education providers are anticipated to be captured by the second phase of the Child Information Sharing Scheme (CISS) by September 2020. This change will have privacy, child safety and regulatory implications and risks for organisations. In this article, we outline what the CISS is and the steps organisations need to take to begin their preparation.
What is the CISS?
The CISS commenced on 3 September 2019. It aims to facilitate the sharing of information between organisations that work with children to better support children and families as early as possible and prevent harm from occurring. It allows organisations to share information in a manner that previously may have been a breach of privacy laws and will apply to all children in Victoria aged 0 – 18.
Organisations that are captured by the CISS will be known as prescribed information sharing entities (ISEs). A Child Link Register will also be set up which will contain a key set of factual information relating to all children born in Victoria. Information included will be the personal details of a child, contact details of parents / guardians, contact details of services in which a child is enrolled, and whether a child protection order has been made. ISEs will be able to request information from the Register as well as from other ISEs.
The CISS will work alongside the Family Violence Information Sharing Scheme (FVISS).
Which organisations are captured?
The first phase of the CISS primarily captured frontline state funded services such as out-of-home care services, homelessness services and domestic violence organisations.
However, the second phase of the CISS is anticipated to have a significantly wider reach. The Victorian Government has drafted the proposed Child Wellbeing and Safety (Information Sharing) Amendment Regulations 2020 (2020 Regulations). Under the draft 2020 Regulations, organisations that will become ISEs are:
- Regulators including the Victorian Institute of Teaching, Victorian Curriculum and Assessment Authority and the Victorian Registration and Qualifications Authority;
- Registered schools;
- Education and care providers that provide kindergarten, long day care or before / after school care;
- Registered agencies within the meaning of the Housing Act 1983;
- Registered medical practitioners who practises in the medical profession as a general practitioner in Victoria;
- General practice nurses who are employed by, or whose services are otherwise retained by, a general practice in Victoria;
- Organisations engaged or funded by the State to provide:
- case management support for at risk social housing tenants;
- specialist forensic disability accommodation services; or
- supported playgrounds;
Approved providers of a residential care service within the meaning of the Aged Care Act 1997 of the Commonwealth that provides State funded residential aged care services; and
Registered community health centres.
What are the key obligations under the CISS?
Under the CISS, an ISE can:
- Share information in response to a request from another ISE;
- Make a request for information; and
- Share information proactively to other ISEs.
When an ISE receives an information request from another ISE, it must assess the request against the three thresholds. Generally, an ISE must form the reasonable view that the request is for the purpose of promoting the wellbeing or safety of a child or group of children and that sharing the information may assist the requesting ISE to carry out their professional activity. The information can also not be excluded information such as privileged information or information that could endanger a person’s life or result in physical injury.
ISEs can share a broad range of information if it meets the threshold questions, including professional judgements, plans and assessments and information obtained from other sources. It can also share information not only about the child but also a person with parental responsibility for the child or a person with whom the child is living.
Some examples of when an ISE could request and share information using the CISS could include:
- A school or education provider is conducting an investigation into a child safety matter involving a child. It can request information about that child from another ISE if it believes that request will promote the safety of the child or a group of children.
- A child moves from one school to another school and the current school is concerned about a potential domestic violence risk to that child. The current school can request information regarding the child and their parents from the child’s previous school for the purpose of managing the risk.
- A school or education provider is concerned about a child’s mental health. It can request information from the child’s general practitioner for the purpose of making a safety management plan to promote the wellbeing or safety of that child.
What do organisations need to do?
It is anticipated that schools, education providers and other organisations will be caught in the second phase of the CISS from September 2020. Organisations should begin to consider the changes needed to their policies, procedures and processes to comply with the CISS and to best utilise it for the safety and wellbeing of children.
We recommend that organisations:
- Train your staff – CISS will need to be administered by staff members who will need training to understand when to make a request for information and how to respond to requests. For organisations that are also caught by FVISS, training will be needed for employees on the interaction between the two schemes.
- Review your policies and procedures – CISS will have significant implications for organisations, particularly in terms of privacy and child safety. These policies and procedures will need to be reviewed and amended to align with the CISS, as well as other documents such as enrolment contracts and collection notices.
- Communicate to your stakeholders – While the CISS will assist organisations to better share information for the wellbeing of children, the increased sharing of information could concern children and their families. It is important that organisations mitigate any relationship risk that could arise by clearly communicating when it will share information under the CISS and how this will impact confidentiality and privacy.
- Seek strategic advice – For the organisations captured in the second phase of the CISS, this type of information sharing will likely be a substantial departure from previous practice. Organisations should carefully consider how they will roll out the CISS, embed it into their operations and comply with the complex legislative framework as well as their other obligations.
How we can help
Moores has extensive experience in privacy, child safety and regulation and is well placed to assist organisations in preparing for and implementing the CISS. For more information, please do not hesitate to contact us.