JavaScript is required
Published by:
Department of Education
Date:
11 Sept 2023

The Child Information Sharing Scheme Ministerial Guidelines are made under section 41ZA of the Child Wellbeing and Safety Act. They explain how prescribed information sharing entities should handle confidential information responsibly, safely and appropriately under the Child Information Sharing Scheme. The guidelines also set out how the legislative principles of the scheme are to be applied.

Introduction

The Child Information Sharing Scheme assists professionals and organisations to better perform their roles and responsibilities by clarifying and expanding the circumstances in which they can share information to promote the wellbeing and safety of children.

The scheme is intended to facilitate services working together to identify needs and risks, promote earlier, more effective support for children and families, and encourage integrated service provision, to improve outcomes for children and families.

The Child Information Sharing Scheme has been developed in response to numerous independent reviews and inquiries over the past decade.1 These inquiries have recommended streamlining Victoria’s information sharing arrangements to improve outcomes for children by promoting shared responsibility for their wellbeing and safety and increasing collaboration across the service system. They also identified the need to change a risk-averse culture, which has resulted in some professionals being hesitant to share information even when it would benefit children to do so.

In recognition of the necessity for services to provide a holistic response to the range of needs and risks experienced by children and families, this scheme complements the Family Violence Information Sharing Scheme authorised by Part 5A of the Family Violence Protection Act 2008.

To share information to identify, assess and manage the risk of family violence to children or adults, while promoting children’s wellbeing and safety, the two schemes must be used together in conjunction with the Multi-Agency Risk Assessment and Management Framework (MARAM Framework).

The Child Information Sharing Scheme also complements and supports child and family service reforms, The Orange Door Network and other child safety legislation, including the Child Safe Standards and Reportable Conduct Scheme.

These reforms share a common purpose:

  • to drive cultural and practice change to place the wellbeing and safety of children at the centre of service delivery; and
  • to focus on prevention and earlier support to protect children and assist them to thrive and develop.

The Child Information Sharing Scheme is complemented by the introduction of Child Link, which is established under Part 7A of the Child Wellbeing and Safety Act 2005. Child Link is a digital tool that consolidates and displays key factual information about every child in Victoria to promote the wellbeing or safety of children in Victoria. The launch of Child Link in 2021 is a significant milestone in the implementation of Victoria’s Child Information Sharing reform and is a further enabler to improve outcomes for Victorian children.

The Child Information Sharing Scheme is established under Part 6A of the Child Wellbeing and Safety Act 2005.

Organisations and services prescribed as information sharing entities by the Child Wellbeing and Safety (Information Sharing) Regulations 2018 are permitted to share confidential information under the Child Information Sharing Scheme. Appendix 2 provides a list of types of information sharing entities. ‘Confidential information’ is defined in the Glossary and is usually referred to in these guidelines simply as ‘information’. Information that is not confidential may be shared outside the scheme.

The Child Information Sharing Scheme works in conjunction with existing information sharing legislative provisions. Organisations and services should continue to share information and collaborate according to existing legal obligations and permissions, as appropriate.

The Child Information Sharing Scheme does not affect reporting obligations created under other legislation, such as mandatory reporting obligations under the Children, Youth and Families Act 2005.

The Child Information Sharing Scheme Ministerial Guidelines are made under section 41ZA of the Child Wellbeing and Safety Act. They explain how prescribed information sharing entities should handle confidential information responsibly, safely and appropriately under the Child Information Sharing Scheme. The guidelines also set out how the legislative principles of the scheme are to be applied.

Principles

When sharing information under the Child Information Sharing Scheme, the legislative principles require information sharing entities to:

  1. Give precedence to the wellbeing and safety of a child or group of children over the right to privacy.
  2. Seek to preserve and promote positive relationships between a child and the child’s family members and people significant to the child.
  3. Seek to maintain constructive and respectful engagement with children and their families.
  4. Be respectful of and have regard to a child’s social, individual and cultural identity, the child’s strengths and abilities and any vulnerability relevant to the child’s safety or wellbeing.
  5. Promote a child’s cultural safety and recognise the cultural rights and familial and community connections of children who are Aboriginal, Torres Strait Islander or both.
  6. Seek and take into account the views of the child and the child’s relevant family members, if it is appropriate, safe and reasonable to do so.
  7. Take all reasonable steps to plan for the safety of all family members believed to be at risk from family violence.
  8. Only share confidential information to the extent necessary to promote the wellbeing or safety of a child or group of children, consistent with the best interests of that child or those children.
  9. Work collaboratively in a manner that respects the functions and expertise of each information sharing entity.

The Child Information Sharing Scheme Ministerial Guidelines are legally binding for all prescribed information sharing entities. Information sharing entities are responsible for ensuring that their organisational policies and practices are consistent with these guidelines. If courts and tribunals are prescribed to be information sharing entities, their participation in the scheme is voluntary. Practice examples in these guidelines are for illustrative and educational purposes only and are not intended to serve as definitive advice. When using the scheme, information sharing entities should consider individual facts and circumstances before exercising their professional judgement with respect to the application of the scheme.

State contracts and funding agreements also require compliance with these guidelines.

If a privacy complaint in relation to information sharing under this scheme is made to the Office of the Victorian Information Commissioner or the Health Complaints Commissioner, and the information sharing entity has failed to comply with the guidelines, this may be considered in the determination of the complaint.

In these guidelines, the terms ‘child’, ‘children’ and ‘young person’ are used interchangeably and all refer to people under the age of 18 years. The term ‘young person’ may refer to older children between the ages of 12 and 18. The Glossary at Appendix 1 provides a full list of definitions and acronyms used in the guidelines.

Footnotes

1. Commission for Children and Young People 2014-2015 Annual Report; Commission for Children and Young People 2015–16 Annual Report; Commission for Children and Young People 2016–17 Annual Report; Commission for Children and Young People 2016, Neither seen nor heard: Inquiry into issues of family violence in child deaths; Coroner Court of Victoria, 2015, Inquest into the Death of Baby D; Cummins et al 2012,  Report on the Protecting Victoria’s Vulnerable Children Inquiry; Department of Health and Human Services 2016; Royal Commission into Family Violence, 2016, Report and recommendations; Victorian Auditor-General’s Office, 2011, Early Childhood Development Services: Access and Quality; Victorian Auditor-General’s Office, 2015, Early Intervention Services for Vulnerable Children and Families; Royal Commission into Institutional Responses to Child Sexual Abuse, 2017.

Chapter 1 - Sharing information under the scheme

Key points

  • Organisations and services prescribed by the Child Wellbeing and Safety (Information Sharing) Regulations as information sharing entities are permitted to share information under the Child Information Sharing Scheme.
  • Information sharing entities should have policies and procedures in place that guide use of the scheme, consistent with Part 6A of the Child Wellbeing and Safety Act and these guidelines.
  • Information sharing entities should identify those roles in the organisation or service that are appropriate to use the scheme to make or respond to requests and voluntarily share information, on behalf of the information sharing entity. Factors information sharing entities may consider when identifying roles are described below.
  • Individuals using the scheme to make or respond to requests and voluntarily share information on behalf of the information sharing entity must be employed or otherwise contracted (other than on a voluntary basis) by the information sharing entity. Volunteers must not use the scheme to request or share information.
  • Information sharing entities should respond to a request from another information sharing entity in a timely manner and must provide relevant information if the legal requirements of the Child Information Sharing Scheme are met.
  • Information sharing entities should consider the legislative principles of the Child Information Sharing Scheme and exercise their professional judgement when determining whether the threshold for sharing is met, what information to share and with whom to share it.
  • When assessing whether sharing or requesting information would promote children’s wellbeing or safety, information sharing entities should consider the identity and circumstances of each child and their family, including their unique needs such as cultural safety and any risks of discrimination or stigma they may be facing.
  • Information sharing entities can also share information with a child or parent to manage a risk to a child’s safety.
  • Professionals are protected if they share in good faith and with reasonable care (see Chapter 6).

Who can share information

Prescribed information sharing entities

Organisations and services prescribed as information sharing entities by the Child Wellbeing and Safety (Information Sharing) Regulations are authorised to share information and request information under the Child Information Sharing Scheme.

Organisations and services are prescribed because of their role and expertise within the service sector and because the information they hold may assist other information sharing entities to promote the wellbeing or safety of children. Information sharing entities should have policies and procedures in place that guide use of the scheme, consistent with Part 6A of the Child Wellbeing and Safety Act and these guidelines. As part of their policies and procedures, information sharing entities should identify (at an organisational or service level) those roles in the organisation or service that are appropriate to use the scheme to make or respond to requests and voluntarily share information, on behalf of the information sharing entity.

Information sharing entities must be satisfied that any roles identified to use the scheme to make or respond to requests and voluntarily share information on their behalf are:

  • employed or otherwise contracted (other than on a voluntary basis) by the information sharing entity. Volunteers must not use the scheme to request or share information.

Other factors information sharing entities may consider in identifying appropriate roles to use the scheme on their behalf are:

  • the exercise of professional judgement in the identification or management of child and/or family wellbeing or safety, and/or the appropriate and sensitive management of confidential information
  • sufficient competency in the use of the Child Information Sharing Scheme, and
  • where relevant and applicable, regular and direct engagement with the clients whose information may be shared or requested, and/or the children in whose interest information may be shared or requested. This point does not prohibit information sharing entities identifying appropriate roles to use the scheme which do not have direct client contact.

Individual workers are protected from liability if they share information in good faith and with reasonable care (see Chapter 6).

Prescribed information sharing entities can request and disclose confidential information if the Child Information Sharing Scheme threshold is met.

Information sharing entities should familiarise themselves with the other categories of information sharing entities (see Appendix 2) and develop knowledge of other service providers and professionals in their area who may have relevant experience to support children and their families. Many information sharing entities will already have established relationships and information sharing arrangements with other service providers. The Child Information Sharing Scheme may facilitate new or enhanced information sharing arrangements and collaboration between services.

Before disclosing information under the Child Information Sharing Scheme, information sharing entities should confirm that the receiving organisation or service is also an information sharing entity.

If the legal requirements (or threshold) of the scheme are met, an information sharing entity:

  • may make requests for information to another information sharing entity
  • must disclose relevant information to another information sharing entity, if requested
  • may disclose information voluntarily (proactively) to another information sharing entity.

Information sharing entities will use their expertise and exercise their professional judgement to:

  • identify the range of needs and risks that impact on a child’s life
  • inform a decision as to whether the purpose for requesting and the threshold for sharing information is met
  • decide what and how much information to share
  • determine who to share with to support improved service delivery and promote the wellbeing or safety of the child or children.

Information sharing entities should respond to requests for information in a timely manner, including when they are declining to provide information in response to the request.

If an information sharing entity is declining a request from another information sharing entity, they are required to provide written reasons for doing so (see Chapter 5).

All organisations and services should continue to share information as appropriate in accordance with other laws. The Child Information Sharing Scheme does not impact on these existing permissions and obligations.

The threshold for sharing

Information sharing entities can share confidential information with other information sharing entities under the Child Information Sharing Scheme if:

  1. The information sharing entity is requesting or disclosing confidential information about any person for the purpose of promoting the wellbeing or safety of a child or group of children; and
  2. The disclosing information sharing entity reasonably believes that sharing the confidential information may assist the receiving information sharing entity to carry out one or more of the following activities:
    1. making a decision, an assessment or a plan relating to a child or group of children
    2. initiating or conducting an investigation relating to a child or group of children
    3. providing a service relating to a child or group of children
    4. managing any risk to a child or group of children; and
  3. The information being disclosed or requested is not known to be ‘excluded information’ under Part 6A of the Child Wellbeing and Safety Act (and is not restricted from sharing by another law).

The legislative principles of the Child Information Sharing Scheme provide guidance in the application of the threshold (see the list of principles under the heading 'The purpose and legal status of these guidelines' in The Introduction).

If the threshold has been met, information sharing entities do not require consent from any person to share relevant information with other information sharing entities. However, information sharing entities should seek and take into account the views of children and family members about information sharing if appropriate, safe and reasonable to do so (see Chapter 2).

Threshold part 1: Promoting child wellbeing or safety

Before requesting or sharing confidential information under the Child Information Sharing Scheme, the first part of the threshold must be met. An information sharing entity must form a view that the request or disclosure is for the purpose of promoting the wellbeing or safety of a child or group of children.

Understandings of wellbeing and safety vary across the service system. These understandings are underpinned by a variety of best interests, educational, developmental, risk assessment and other professional frameworks related to the role and responsibility of the professional or service.

Threshold parts 1 and 2 can be used together. That is, an information sharing entity can consider the activities the receiving information sharing entity may use the information for (threshold part 2) in determining whether the information to be shared is for the purpose of promoting child wellbeing or safety (threshold part 1). In line with the legislative principles, a disclosing information sharing entity should work with a receiving information sharing entity, as required, to determine whether the information to be shared may assist the receiving information sharing entity to promote the wellbeing or safety of a child or group of children.

In any instance, information must not be used by the receiving information sharing entity to unlawfully limit, remove or prevent a child’s or a relevant family member’s access to services (for example, to screen a child before they are accepted for enrolment by a school). This would not promote the wellbeing or safety of the child. See Chapter 6 for more information on offences and complaints when using the scheme.

Children’s wellbeing and safety can also be understood within a human rights framework which includes the rights of a child to develop to their full potential, access services to support their health and education, participate in their communities and be protected from harm.1

For a child to experience wellbeing they need to be safe. Promoting safety means protecting children from risks of harm or incidents of harm. However, the concept of wellbeing is broader than safety alone and requires more than the absence of harm or risks of harm. Promoting wellbeing involves supporting a positive state that includes good health, positive relationships with adults, other children and community, and age-appropriate learning and development. Promoting wellbeing often includes prevention and early support measures, which may avoid the escalation of wellbeing issues into safety concerns.

It is intended that professionals will use judgement and practice frameworks when assessing whether information sharing meets the threshold for promoting the wellbeing or safety of a child or group of children.

Professionals should also seek and take into account the views of the child and relevant family members wherever appropriate, safe and reasonable to do so, to inform their assessment of and response to wellbeing and safety.

In some cases, what is understood by one professional to be a wellbeing issue may appear to another professional as a safety issue, depending on their professional lens and their experience working with a child and their family. For example, a child and family service may understand a young person’s intermittent drug use to be a safety risk, where another professional may understand it to be a wellbeing issue.

The Child Information Sharing Scheme allows sharing information to support collaborative service provision to children and respond to identified needs and risks, regardless of whether a professional considers the issue to relate to either wellbeing or safety.

Factors that may contribute to a professional’s understanding of how sharing information may promote a child’s wellbeing and safety include:

  • physical, psychological and emotional health and access to and engagement with services to support a child’s health and development
  • engagement in supportive relationships, particularly supportive family relationships, involvement in activities that enable a child’s personal, social and cultural development and connection to their culture and community
  • participation in education and access to resources that support the child to learn and develop
  • access to adequate, appropriate and safe accommodation, nourishment, protection from the elements and safe and stable environments in which to live, learn and grow.

There may be instances in which information needs to be shared to promote the wellbeing and safety of more than one child, including where one child poses a risk to another. In such cases, professionals should exercise their judgement to consider and balance each child’s wellbeing and safety to achieve the best possible outcomes for each child. This may require a particular focus on the needs of more vulnerable children.

For example, if a child is displaying behaviours that impact on other children’s wellbeing or safety (such as siblings or other children using a service), then the risks and needs of each child should be considered. Note that behaviours of concern may be an indication that a child requires additional specialised care, such as trauma-informed support.

Children’s individual identities and circumstances are important when considering what may promote their wellbeing or safety.

There are a range of wellbeing and safety considerations arising from the complexities that are part of children’s lives, including:

  • cultural, linguistic and place-based community participation (see below for considerations for Aboriginal and Torres Strait Islander communities)
  • identities including cultural, disability, sexual and gender identities
  • circumstances that increase vulnerability, such as homelessness or family violence
  • specific behavioural concerns including criminal behaviours
  • interactions with institutions like youth justice or statutory responses like child protection.

Information sharing entities should actively value and respect a child’s Aboriginal or Torres Strait Islander identity as a core aspect of their wellbeing and safety. Information sharing entities should also consider how information may be shared in a way that maintains trust and engagement with the service. See Chapter 2 for more guidance on maintaining engagement with children and families when sharing information.

Threshold part 2: Sharing information to assist another information sharing entity to undertake their activities

To meet the second part of the threshold, before disclosing information, an information sharing entity must form a reasonable belief that sharing the information may assist the receiving entity to carry out one or more of the following professional activities:

  • making a decision, an assessment or a plan relating to a child or group of children
  • initiating or conducting an investigation relating to a child or group of children
  • providing a service relating to a child or group of children
  • managing any risk to a child or group of children.

To assist in making a decision about whether the threshold for sharing has been met the responding information sharing entity making the disclosure may seek further information about the intended use of the shared information from the recipient information sharing entity. Information sharing entities should provide relevant information in a timely manner to minimise the risk that information sharing is unduly delayed.

Collaboration between different information sharing entities brings together the extensive child wellbeing and safety expertise, experience and capability across the service system. For example, professionals from a mental health service and a child and family service may share information to assist both services in identifying and responding to a child’s mental health and wellbeing needs. Similarly, service collaboration can bring together expert knowledge and skills to respond to the particular circumstances and identities of children. This may assist to promote a child’s cultural safety, for example, by facilitating collaboration with Aboriginal Community Controlled Organisations or Aboriginal liaison officers within organisations or services.

The Child Information Sharing Scheme may assist information sharing entities to make a full assessment of a child’s circumstances and history and identify any risks of cumulative harm. Cumulative harm may arise when wellbeing and safety issues combine to create a more serious risk to a child’s longer-term wellbeing or safety. For example, this may occur if a child has experienced a number of family breakdowns over a period of years, resulting in periodic housing instability and changing schools a number of times. In such cases, relevant services (such as housing, mental health and child and family services) should collaborate to bring together an appropriate range of expertise to assess and respond to the child’s needs.

Other circumstances in which information should be shared may include where an information sharing entity:

  • is not able to intervene directly to promote a child’s wellbeing or safety but another information sharing entity can. For example, if the information relates to a child who is not currently a client of that professional but is engaged with another relevant service who may be able to assist
  • wishes to convene a case conference or develop a collaborative plan to support a child with other services and needs to share information in order to do so.

If information sharing entities disagree about whether the threshold for sharing has been met, they should work together to identify opportunities to achieve the best outcome for the child. In all circumstances, the disclosing information sharing entity must be satisfied that the threshold has been met as required by law before sharing information. If an information request is declined under the Child Information Sharing Scheme, the reason for refusing the request must be provided to the requesting entity in writing and a record should be kept (see Chapter 5 for record keeping obligations under the scheme).

Examples - What is a child wellbeing or safety purpose’?

Threshold part 3: Excluded information

‘Excluded information' is information that cannot be collected, used or disclosed under the Child Information Sharing Scheme, as set out in Section 41Q of the Child Wellbeing and Safety Act.

Excluded information is any information that, if shared, could be reasonably expected to do the following:

  1. Endanger a person’s life or result in physical injury – this includes the child, their family or any other person. For example, if sharing the location of a child could be reasonably expected to pose a threat to the life or physical safety of the child or another person, this information should not be shared.
  2. Prejudice the investigation of a breach or possible breach of the law or prejudice the enforcement or proper administration of the law – including police investigations. For example, any information that could unfairly influence or reveal details of a police investigation or Commission for Children and Young People investigation.
  3. Prejudice a coronial inquest or inquiry. For example, information that could unduly influence a witness expected to give evidence before a coronial inquest.
  4. Prejudice the fair trial of a person or the impartial adjudication of a particular case. For example, if the information would unfairly influence the outcome of a proceeding.
  5. Disclose the contents of a document, or a communication, that is of such a nature that the contents of the document, or the communication, would be privileged from production in legal proceedings on the ground of legal professional privilege or client legal privilege. For example, if the information is legally privileged.
  6. Disclose or enable a person to ascertain the identity of a confidential source of information in relation to the enforcement or administration of the law. For example, if that information could reveal or be used to reveal the name of a person who has confidentially provided information to police.
  7. Contravene a court order or a provision made by or under the Child Wellbeing and Safety Act or any other Act that:
    • prohibits or restricts, or authorises a court or tribunal to prohibit or restrict, the publication or other disclosure of information for or in connection with any proceeding, or
    • requires or authorises a court or tribunal to close any proceeding to the public. For example, if information is part of a closed court proceeding.
  8. Be contrary to the public interest. For example, revealing information about covert investigative techniques.

Information sharing entities are not required to conduct investigations to determine that information is not ‘excluded information’ before sharing it. Rather, if they are aware that information falls within an excluded category then they are not permitted to share that information. For example, a disclosing entity does not have to investigate whether there are any open or planned legal proceedings that might be prejudiced by disclosing requested information that meets parts one and two of the threshold for sharing, but if the entity is aware of open proceedings that they reasonably expect could be prejudiced by the disclosure of the information, then they must not disclose that particular information.

Information sharing entities cannot share information known to be restricted under another law (see Chapter 4).

When information can be shared

Organisations are required to share and handle information appropriately, in accordance with legislative requirements under this scheme and other applicable legislation such as the Privacy and Data Protection Act 2014 and the Health Records Act 2001 (see Chapter 4).

When sharing information to identify, assess or manage the risk of family violence and respond to child wellbeing or safety, the Family Violence Information Sharing Scheme and the Child Information Sharing Scheme must be used together, guided by the MARAM Framework and children’s best interests and developmental frameworks. See Chapter 3 for more information about sharing information in a family violence context.

Requesting information

An information sharing entity may request information when it meets the first and third parts of the threshold. That is, the information being requested is:

  • to promote the wellbeing or safety of a child or group of children
  • not excluded information under the Child Information Sharing Scheme to their knowledge.

Information sharing entities should use professional judgement to decide which organisation or service to request information from, taking into account the following:

  • the activity the requesting information sharing entity is seeking to undertake and the type of information that may assist them
  • the roles and responsibilities of other information sharing entities and the information they are likely to hold
  • the currency and relevance of the information other information sharing entities are likely to hold.

The information sharing entity requesting the information should provide sufficient detail to enable the responding information sharing entity to make a decision about whether all three parts of the threshold have been met.

When making a request, an information sharing entity may disclose any confidential information that may assist the responding information sharing entity to:

  • identify the information they hold that is relevant to the request
  • form an opinion on whether the information may be disclosed under the scheme.

The record keeping requirements for voluntary disclosures apply (see Chapter 5 Record keeping and information management).

Responding to requests for information

Information sharing entities should provide relevant information in a timely manner if the request meets all three parts of the threshold for sharing under the scheme.

In many cases, timeliness will be critical to realising the benefits of information sharing. The requesting and responding information sharing entities should develop a mutual understanding about when the information is required, to allow appropriate action to promote a child’s wellbeing or safety. Information sharing entities should establish processes to streamline their approach to responding to information requests under the Child Information Sharing Scheme to minimise the risk of inadvertently delaying information sharing.

The responding information sharing entity may ask the requesting information sharing entity to provide further information about the request, in order to assist them to:

  • identify relevant information to respond to the request
  • form an opinion about whether the information may be disclosed under the Child Information Sharing Scheme (whether the disclosure meets the threshold).

Information sharing entities must comply with requests for information that meet the threshold for sharing, including where relevant information was originally obtained from another source.

An information sharing entity may also choose to voluntarily disclose additional information to what has been requested and which meets the threshold for sharing.

If an information sharing entity decides to refuse all or part of a request for information under the Child Information Sharing Scheme, it must provide the requesting entity with the reason for the refusal, in writing. For example, a written reason may state that information has not been disclosed because the information is excluded under the scheme or cannot be shared because it is restricted under another law.

Voluntary information sharing

Information sharing entities are encouraged to voluntarily (that is, proactively) provide information to another information sharing entity if doing so meets all three parts of the threshold for sharing, especially as part of an ongoing collaboration between services to provide tailored support to a child or family.

This may occur when an information sharing entity becomes aware of information that, in their professional judgement, may assist another information sharing entity to promote the wellbeing or safety of a child engaged with their service.

It is important that information sharing entities take reasonable care to verify the identity of the professional or service and ensure that they are an information sharing entity.

If an information sharing entity does not have an existing relationship with the person receiving or requesting information, then they should take reasonable steps to verify their identity. This may include asking them to send an email from an organisational account or calling them back via their organisation’s switchboard.

What information can be shared

Confidential information about any person that meets the threshold for sharing under the Child Information Sharing Scheme can be shared. ‘Confidential information’ is defined in the Glossary at Appendix 1.

Information that can be shared is broad and may also include:

  • professional judgements
  • plans and assessments
  • information obtained from other sources.

Historical information collected before the commencement of the scheme, as well as information collected after the commencement of the scheme, may be shared between information sharing entities if the threshold for sharing is met.

Once the threshold for sharing has been met, information sharing entities must still exercise their professional judgement in only sharing information to the extent necessary to promote the wellbeing or safety of a child or group or children. For example, while a case file may contain information that meets the threshold for sharing, the disclosing information sharing entity must still consider what specific information from the case file to share to achieve the particular objective.

Information that is shared with other information sharing entities should be as accurate and current as possible to best promote the wellbeing or safety of children. When sharing information that has been obtained from another source, information sharing entities should advise that the information came from another source and when the information was obtained, if appropriate, safe and reasonable to do so. For example, it may be appropriate to advise that information is law enforcement data obtained from Victoria Police, if known.

Drawing the attention of the receiving information sharing entity to the date an assessment was undertaken can help them decide whether a new assessment should be completed. Advising of the original source may allow them to seek additional information from that source, depending on the circumstances.

Sharing information with a child or family member

The Child Information Sharing Scheme permits information sharing entities to share information with a child, a person with parental responsibility for the child or a person with whom the child is living, for the more limited purpose of managing a risk to the child’s safety.

Information sharing entities should consider the following when determining whether to disclose information to a child or relevant family member to manage a risk to the safety of a child:

  • the nature and significance of the risk to the safety of the child
  • whether the information will enable the recipient to manage the risk to the safety of the child and, if so, what information will assist that person to manage the risk most effectively
  • whether any of the information proposed to be disclosed is known to be ‘excluded information’ under Part 6A of the Child Wellbeing and Safety Act or restricted from sharing under other legislation.

Information shared with a child or their relevant family members under the Child Information Sharing Scheme cannot be further used or disclosed by that person unless it is for the purpose of managing a risk to the child’s safety or as permitted by any other law.

Information sharing with family members and children in a family violence context presents particular and complex risks. Information sharing entities should refer to Chapter 1 of the Family Violence Information Sharing Guidelines for guidance on sharing information safely in these circumstances.

Consistent with the purpose of managing risks to children’s safety, information must not be shared with a perpetrator or alleged perpetrator of family violence, or other offence against a child, if it could put the child or another person at further risk.

Chapter 2 - Working collaboratively with children, families and services

Key points

  • The Child Information Sharing Scheme encourages information sharing entities to share information and collaborate with each other to better promote the wellbeing and safety of children in partnership with children and their families.
  • Children and their families are often well-placed to understand their needs and risks. Before requesting and disclosing information, information sharing entities should:
    • inform children and families of their obligation to share information and inform them each time their information is shared – whenever it is appropriate, safe and reasonable to do so
    • seek and take into account the views of the child or the relevant family members about sharing their confidential information – whenever it is appropriate, safe and reasonable to do so.
  • Professionals should be aware of their own preconceptions and biases when engaging with children and families navigating identities, backgrounds or circumstances different to their own.
  • Communicating clearly and openly with children and families about information sharing, including the purpose and likely benefits of sharing, can promote positive engagement with services, draw out additional considerations and enable professionals to form a more holistic view of a child’s circumstances and needs.

Informing the child and family about information sharing

In accordance with the legislative principles, information sharing entities should seek to maintain constructive and respectful engagement with children and their families.

Engaging children and their families with appropriate support services is an important aspect of promoting children’s wellbeing and safety. When approached in a respectful, supportive and accountable manner, information sharing can be a way for professionals to collaborate to maximise benefits for children and families. It can facilitate access for children and their families to the services they need, ensure relevant expertise is available and enable tailored and responsive service provision.

Maintaining a child and their family’s engagement with services can be encouraged by being transparent and accountable and informing children and their families about the information sharing entity’s obligations under the Child Information Sharing Scheme. This should include explaining the threshold that needs to be met before information can be shared and who information can be shared with.

Information sharing entities should explain their obligations to share information under the Child Information Sharing Scheme (as well as other relevant laws) to the child and their family as close as possible to the commencement of their engagement with the service.

Discussing information sharing with children and their families provides an opportunity to explain the benefits of information sharing and identify any concerns.

This discussion should include explaining:

  • the threshold that needs to be met before information can be shared
  • who information can be shared with
  • that the information sharing entity will seek the views of the child and/or any relevant family members about information sharing whenever it is appropriate, safe and reasonable to do so
  • that those views will be taken into account in relation to information sharing
  • that consent is not required to share information if the information sharing entity considers sharing would promote the wellbeing or safety of a child
  • the benefits of information sharing and how information may be used to promote child wellbeing or safety.

When sharing a person’s information under the Child Information Sharing Scheme, information sharing entities should make reasonable efforts to notify that person as soon as practicable. However, information sharing entities should not provide notification if doing so would be contrary to the promotion of the wellbeing or safety of a child or may pose a serious threat to a person’s life, health, safety or welfare.

See Chapter 4 for more information on notification requirements under other laws.

Some children and families may be concerned about their information being shared. This could affect their willingness to disclose information and may impact their continued engagement with services. Concerns about information sharing raised by a child or their family should be considered and discussed with them. Discussing these concerns may help to inform the assessment of any risks to children’s wellbeing and safety and help to avoid unintended outcomes of information sharing.

Seeking the views of a child or family member about information sharing

A child or young person and their family are likely to have a unique understanding of what may promote the wellbeing or safety of that child, and whether information sharing under the Child Information Sharing Scheme may assist in providing better services. This is particularly important where children and families are navigating identities, backgrounds or circumstances different to that of the professional.

Providing children and their families with opportunities to express their views about information sharing, and inform the process of information sharing, is important to promoting constructive and respectful engagement with services.

Information sharing entities should seek the views of the child or relevant family members at the start of service engagement and in each instance of information sharing whenever it is appropriate, safe and reasonable to do so. This is because a child or family member’s views about information sharing may change over the duration of their engagement with a service provider. Personal circumstances, the nature and maturity of the relationship between the professional and client, the anticipated outcomes of sharing information or the phase of service delivery may influence the child or family member’s views about their information being shared. Seeking the views of the child or family member each time information is shared under the scheme may also assist the professional to assess the dynamic wellbeing and safety needs of children and young people.

Professionals should be mindful that the specific circumstances of a child or family can impact on their response to the prospect of information sharing and their willingness to directly raise concerns. For example, a lack of cultural safety, concern about homophobia, lack of adequate communication support for a person with disability or concern about being reported to statutory authorities may limit what a child or family member will share.

Some children and families may appear to agree to the sharing of information even when they have concerns, in order to avoid perceived or actual negative consequences. They may also disengage from a service entirely rather than express disagreement. It is important that information sharing entities support and encourage the expression of any concerns, doubts or anxieties and respond sensitively, with due consideration of the circumstances children and families may be facing.

There are some cases where it may not be appropriate, safe and reasonable to seek the views of the child or family. This may occur:

  • If it is inappropriate: for example, if a young person is living independently and family members no longer have access to their personal information.
  • If it is unsafe: for example, if it is likely to jeopardise a child’s wellbeing or safety or place another person at risk of harm.
  • If it is unreasonable: for example, if the child or their relevant family member is not currently a client of the information sharing entity or there is urgency to share the information and the child or family cannot be reached.

There are requirements to record the views of children and parents, and whether they have been informed about their information being shared. See Chapter 5 for record keeping requirements under the scheme.

Considerations for seeking the views of a child or young person

A child or young person may have extra insight of the issues affecting their own wellbeing or safety and preferences for how those issues should be disclosed. The inclusion of children and young people in decisions about sharing their information can empower them to contribute to their own wellbeing and safety. It can also assist the information sharing entity to avoid unintended outcomes.

The age, maturity and circumstances of the child or young person should help determine if it is appropriate, safe and reasonable to seek their views, and if so, how these views might best be sought and taken into account. Children and young people of all ages may be capable of expressing views about information sharing and professionals should provide appropriate support for them to do so.

This may include using different communication techniques (such as pictures or simple language) or providing additional support for younger children or children from marginalised groups, such as children who do not speak English as a first language or children with a disability.

Young people and older children in particular are likely to be able to contribute to decisions about their wellbeing and safety, including decisions about how their information is shared. Their views should be given due weight by professionals.

Information sharing entities should also consider whether seeking a child or young person’s views in relation to information sharing might increase risk to the child or another person, in which case it may not be appropriate, safe or reasonable to do so.

Professionals should use their judgement to assess whether a child or young person requires a family member to participate in a discussion about information sharing, prioritising the wellbeing and safety of that child or young person.

Considerations for seeking the views of a child’s relevant family members

If the professional forms the view that it is appropriate, safe and reasonable to seek the views of a relevant family member or members, they should explain the process for sharing information under the Child Information Sharing Scheme and listen to any concerns that the family member may have. This discussion may assist professionals to make more informed decisions about information sharing and the services they deliver to better respond to the needs and risks of the child in their broader family context.

In having these conversations with children and their family members, information sharing entities will often want to discuss the confidential information they are proposing to share. Information sharing entities must take care to ensure that any information sharing that occurs during these conversations is authorised under the scheme or other laws (see Chapter 4 – Relationship of the scheme with other laws, for more information). For example, disclosure of a person’s own information to the person or their guardian is authorised under law, while disclosure of a third party’s information may not be.

In some cases, a professional may form a view that it is not appropriate, safe or reasonable to seek the views of a relevant family member. This may occur where a young person is able to make their own decisions, for example a young person who may be living independently or who may be a parent themselves. If a family member is a perpetrator or alleged perpetrator of any form of abuse (including family violence), then it would not be appropriate, safe or reasonable to seek their views.

Whether an information sharing entity should seek the views of a child’s relevant family members may also depend on the nature of the relationship between the information sharing entity and that child or young person. If an information sharing entity works directly with a child or young person, without parental participation, it may not be appropriate, safe or reasonable for a family member to be involved. Alternatively, if parental participation is a key component of the service delivery (or if a service is provided primarily to adults), it may be more appropriate for the information sharing entity to continue to involve parents when seeking views about information sharing.

There may be situations in which a child and their parents disagree about information sharing. In this instance, information sharing entities should use their professional judgement to balance different points of view and take these perspectives into account when determining what would best promote the child’s wellbeing or safety.

Why seek the views of the child and relevant family members?

  • Victoria is a signatory to the Convention on the Rights of the Child, which explicitly protects the right of a child to express their views freely in all matters affecting them, and to have those views given due weight in accordance with their age and maturity when making decisions that affect the child. Aim to do “with” the child, not “to” the child.
  • The requirement to seek the views of the child under the scheme promotes the child’s agency. The requirement to “take into account” (rather than “adopt”) the views of the child allows for exercise of professional judgment taking into account the particular circumstances of a child.
  • The Victorian Charter of Human Rights recognises families as the fundamental group unit of society. The Charter also recognises that families are entitled to be protected by society and the State.
  • Family and child wellbeing are inextricably linked. Under the legislative principles you should seek to preserve and promote positive relationships between a child and the child’s family members and persons of significance to the child.
  • Seeking the views of relevant family members may assist in identifying risks to the child, including any risks of sharing information.
  • Decisions about whether to include family members in a conversation, and which family members to include, should always be made in line with the child’s best interests. See “Who should be involved in the conversation?” below.

When to seek the views of the child and relevant family members?

  • Whenever safe, reasonable and appropriate, seek the views of the child and relevant family members about information sharing at the start of service engagement, after you have explained your obligations to share information and the applicable thresholds and principles.
  • In each instance of information sharing you should (whenever safe, reasonable and appropriate) seek the child and relevant family members’ views about sharing information before deciding:
    • whether sharing the information will promote the wellbeing or safety of the child
    • if so, what information to share, how to share, when to share, and with whom.

Examples - Circumstances where it may not be safe, reasonable or appropriate to seek views

You should proceed on the basis that it is safe, reasonable and appropriate to seek the child and/or any relevant family members’ views, unless you are aware of indications that it may be unsafe or particular circumstances exist making it unreasonable or inappropriate.

What information is relevant to seeking the views of the child and relevant family members?

  • Seek the child and relevant family members’ views (wherever safe, reasonable and appropriate) about any sharing that may take place to promote the child’s wellbeing or safety. This includes proposed sharing of the child’s and/or family members’ information and/or the information of third parties. Information sharing entities must take care to ensure that any information sharing that occurs during these conversations is authorised under the scheme or other laws. For example, disclosure of a person’s own information to the person or their guardian is authorised under law, while disclosure of a third party’s information may not be.

Who should seek the views of the child and relevant family members?

  • Wherever possible a person from the information sharing entity with an ongoing positive relationship with the child should be included in the conversation. This may not always be a person who has information sharing responsibilities in an organisation. For example, where an assistant principal has been identified by the school as the person responsible for sharing under the scheme, the appropriate person to have a conversation about information sharing with a child might be their home room teacher, sport teacher or school counsellor.
  • You should also include relevant family members in the conversation (wherever safe, reasonable and appropriate).
  • The main purpose for including family members in the conversation is to promote the wellbeing and safety of the child, by promoting and preserving the role of the family member in fostering the wellbeing and safety of the child and the family unit. Family members who are most closely connected to the child’s wellbeing and safety are the most relevant family members to include in a conversation about sharing information about a child or any other person, in relation to the child’s wellbeing or safety.
  • Where a child’s views will not be sought because it is unsafe, unreasonable or inappropriate to do so, seeking a relevant family member’s views (where safe, reasonable or appropriate) may be an increased priority if this may support the child’s wellbeing or safety.

How to seek the views of the child and relevant family members?

  • Plan in advance how you will conduct the conversation. If the person who will have the conversation is not the person who will be directly involved in decision-making and sharing the information, decide who will be present for the conversation. For example, the person who has the relationship with the child and/or relevant family members may:
    • conduct the conversation on their own and report back to the staff member responsible for sharing
    • lead the conversation with the responsible sharer present, or
    • introduce the responsible sharer and be present while the responsible sharer leads the conversation.
  • If you are including relevant family members in the conversation, determine in advance how you will approach this. It may be appropriate to seek the views of relevant family members before the conversation with the child, to gauge their support and plan the engagement with the child, for example if a strong negative reaction is anticipated from the child and the relevant family member’s views are not known. Alternatively, it may be appropriate to first engage the child and then consider together whether or how to seek the views of relevant family members. This may be the case where a child is older and is independently making sound decisions about an issue, and the family’s views are likely to be in conflict with the child’s.

What does it mean to “take into account” the views of the child and relevant family members?

  • It is not enough to simply gather the views of the child and relevant family members. You should take these views into account. That is, actively incorporate them when you are deciding whether, what, when and how much to share, and who to share with, wherever possible.
  • Factors to consider when taking into account a child’s views include their age, their maturity, their vulnerability, their ability to clearly express their views, and their competence to understand the nature and consequences of particular decisions. For example, an information sharing entity may give significant weight to the views of a mature young person aged 17 who expresses a clear wish not to include their family members in a conversation about information sharing. See also Considerations for seeking the views of a child or young person.
  • The views of the child and relevant family members can be a significant part of deciding whether sharing would promote the wellbeing or safety of the child. In exceptional circumstances the benefits of sharing information may be overridden by strong indications that the sharing would negatively affect the wellbeing or safety of the child, for example a strong likelihood of service disengagement. In all cases you should consider whether you can reduce the possible harm of sharing by managing the risk so that it is safe to share.
  • Where there are significant concerns about sharing information, consider the following options, which may be appropriate, depending on the full set of circumstances surrounding the child.
    • Validate concerns and reinforce the specific benefits of sharing the information in an age appropriate way.
    • Identify any misunderstandings about the process that may be causing concern and provide further information to address this.
    • What and how you share and who you share with may be adjusted based on views expressed, as determined in the best interests of the child.

Keeping records about seeking the views of children and relevant family members (refer to Record keeping and information management)

  • There are a range of record keeping requirements under the scheme. The information below only highlights the requirements relating to seeking and taking into account the views of the child and/or relevant family members.
  • You must record:
    • whether the views of the child and/or their relevant family members were sought
    • whether the views of the child and/or their relevant family members were obtained
    • whether the child and/or their parent was informed that their information was or would be disclosed.
  • It is good practice to record:
    • whose views were sought
    • what the views of the child and/or relevant family members were about sharing the information (if obtained)
    • how the views were taken into account
    • if the child and/or parent was not notified that their information was or would be shared, the reason for this.

When recording this information make sure you do it in a sensitive way. Do not use judgmental or stigmatising language. Distinguish between factual information and opinion.

Sharing information respectfully and maintaining engagement

Some children and families may not have had positive experiences with services in the past. This may include experiencing stigma or discrimination, or facing challenges in accessing appropriate services that met their needs. This could be the case for children and families from Aboriginal and Torres Strait Islander communities, children with a disability, children from other cultural backgrounds, children who use violence or who have been involved with the justice system. In some cases, there may be a risk of service disengagement associated with sharing information about a child or family member.

Professionals should be mindful of these issues and factor them into consideration of whether information sharing meets the requirement to promote the wellbeing or safety of a child under the Child Information Sharing Scheme’s threshold for sharing. If there is significant concern about service disengagement, information sharing entities should carefully consider what information should be shared and when, prioritising the wellbeing and safety of any children involved. Sharing information in a selective and appropriate manner may be particularly important in small communities such as rural and remote areas.

For services working primarily with adults, if the adult is also a parent or carer, information sharing entities should share information to promote the wellbeing and safety of the child or children within that family, whilst continuing to engage with the adult. Information sharing entities will use professional judgement to balance various wellbeing and safety considerations for children, in order to determine whether the threshold for sharing has been met. Any decision to limit sharing should be considered very carefully, given a lack of information sharing between professionals has been identified as a significant contributing factor to risk and harm to children.

The Child Information Sharing Scheme may actively help to promote service engagement and minimise the risk of stigma or discrimination. Increased collaboration between relevant services and specialists may equip services to respond to the specific needs and risks of each individual child, including consideration of their identity, community and circumstances. For example, consultation with an Aboriginal Community Controlled Organisation may assist a Maternal and Child Health service to determine how information should be shared to promote the wellbeing and safety of a particular Aboriginal child within their family context. This could include improving cultural safety and providing other support to improve outcomes and maintain the family’s engagement with the service.

To appropriately consider the circumstances and identities of child and family members when sharing information under the scheme, professionals should:

  • acknowledge and build on the strengths and capabilities of children, young people and families, including taking into account their views if appropriate, safe and reasonable to do so, as outlined in this Chapter
  • work to build trust by being open and transparent about information sharing and keep the child and family informed as outlined in this Chapter
  • build a mutually respectful relationship by acknowledging and showing respect for the child or young person’s individuality, identity and experiences
  • reflect on your personal biases and how this might impact upon the understanding or assumptions made about a child or young person’s needs or capabilities
  • acknowledge and respond to concerns or complaints in a timely and respectful manner
  • if possible, engage with specialist services or professionals who are appropriately qualified to support the particular needs of the child or young person if required.

Chapter 3 - Sharing information in the context of family violence

Key points

  • Family violence has significant impacts on children’s wellbeing and safety, and is likely to co-exist with other wellbeing and safety issues for children.
  • In the context of family violence, information sharing entities must use the Multi-Agency Risk Assessment and Management Framework (MARAM Framework) to guide:
    • information sharing under the Family Violence Information Sharing Scheme to identify, assess and manage family violence risk to children and adults; and
    • information sharing under the Child Information Sharing Scheme to promote the wellbeing or safety of children more broadly, supported by relevant best interests and developmental frameworks.
  • Information sharing entities must plan for and maximise the immediate and ongoing safety of children and other family members, being mindful that sharing information in the context of family violence may pose particular and complex risks.

Intersection of Child and Family Violence Information Sharing Schemes

This chapter applies to information sharing entities prescribed under the Child Information Sharing Scheme (see Appendix 2), as well as those prescribed under one or both of the following:

  • the Multi-Agency Risk Assessment and Management Framework (MARAM Framework), which sets out the responsibilities of different workforces in identifying, assessing and managing family violence risk across the family violence and broader service system
  • the Family Violence Information Sharing Scheme, which enables information sharing to facilitate assessment and management of family violence risk to children and adults.

Information sharing entities should refer to the MARAM Framework and the Family Violence Information Sharing Guidelines for more specific detail on applying these initiatives (see Appendix 3 for links to resources).

The interface of the Child Information Sharing Scheme with other legal obligations, including mandatory reporting and privacy law, is set out on Chapter 4 of these guidelines.

Information sharing entities must use the MARAM Framework to guide information sharing under the Family Violence Information Sharing Scheme to identify, assess and manage family violence risk to children and adults.

The MARAM Framework and relevant best interests and developmental frameworks will guide sharing under the Child Information Sharing Scheme to assess and respond to the wellbeing or safety of children more broadly within a family violence context.

The Child and Family Violence Information Sharing Schemes share a similar model and are designed to complement each other, to enable services to share information to respond to the range of needs and risks facing children and families. The schemes align in a number of ways, including:

  • broadly consistent information sharing entities and record keeping requirements
  • similar protections for professionals who share in good faith and with reasonable care
  • prioritising children’s safety over any individual’s privacy.

The key difference between the two schemes is the purpose for sharing. The Family Violence Information Sharing Scheme permits sharing for the purpose of assessing or managing family violence risk, while the Child Information Sharing Scheme permits information sharing to promote the wellbeing or safety of a child or group of children. However, these purposes have substantial overlap, as outlined under the next heading 'Children and family violence'.

Children and family violence

Experience of family violence as a child or young person can have serious long-term wellbeing and safety impacts, whether the behaviour is directed towards a child or towards others in their family or household. This can include substantial trauma, ongoing mental health difficulties, impacts on general health and wellbeing, effects on learning and social and emotional development. Each child’s needs and risks should be assessed both individually and within their family context, and should take into account risks of family violence to other family members such as parents or siblings.

Children who experience family violence require appropriate support and services to assess and manage the complex needs they are likely to have. Additionally, children who experience family violence may be more vulnerable to other risks that impact on their wellbeing and safety, such as institutional abuse.

Young people may also use family violence themselves. In some of these cases, young people using family violence may also be victims of violence. If a young person is using family violence, the MARAM Framework must guide:

  • the sharing of information under the Family Violence Information Sharing Scheme to assess and manage the risk of family violence to adults or children
  • the sharing of information under the Child Information Sharing Scheme to promote the wellbeing or safety of children and young people who are affected by, and/or using violence.

See Chapter 6 of the Family Violence Information Sharing Guidelines and the MARAM Framework for more details about how to respond to a young person using family violence and how to share information safely.

As stated earlier, in a family violence context, a child’s needs and risks are significantly influenced by the needs and risks of their family members.

Information sharing entities should plan for and maximise the immediate and ongoing safety of children and all family members at risk of family violence, as discussed under the next heading 'Sharing information safely if family violence risk is present'. It is also important that promoting each individual child’s long-term wellbeing and safety remains a consideration throughout service engagement.

Sharing information safely if family violence risk is present

Sharing information in the context of family violence may pose particular and complex risks for children and other family members.

Care should especially be taken when sharing information that may disclose a child or another family member’s whereabouts, including where the child or family is living or services they attend. However, risks related to information sharing are not always easily identified, so it is important to access relevant expertise.

As set out in the MARAM Framework, information sharing entities should engage with services that are authorised and skilled (including those located within The Orange Door Network) to determine appropriate actions and promote collaborative practice around families and children. The Family Violence Information Sharing Scheme may enable voluntary sharing to support this collaboration.

Under the MARAM Framework, a family violence risk assessment will be undertaken by a professional with appropriate expertise and a safety plan will be prepared for the child and other family members at risk. Safety plans specifically address potential risks posed by sharing information and provide guidance about what should be considered. Information sharing should occur in accordance with a relevant safety plan. Information sharing entities must retain copies of relevant risk assessments and safety plans. See Chapter 5 for a full list of record keeping requirements.

It is important to note that the potential misidentification of a victim survivor or perpetrator of family violence may mean that information sharing has unintended consequences. Information sharing entities are encouraged to exercise their professional expertise, and to seek additional support as necessary. See Chapter 3 of the Family Violence Information Sharing Guidelines and the MARAM Framework for more details about how to respond when it becomes apparent that a perpetrator or victim survivor of family violence has been misidentified.

It is intended that professionals will exercise their judgement and utilise appropriate frameworks and expertise to determine the safest and most effective approach in each circumstance.

Chapter 4 - Relationship of the scheme with other laws

Key points

  • Child Link is a digital tool that complements the operation of the Child Information Sharing Scheme for authorised professionals within certain information sharing entities.
  • Sharing information for children’s safety is already permitted, and in some cases required, under other laws, such as the Privacy and Data Protection Act, the Health Records Act, the Children, Youth and Families Act and the Crimes Act 1958.
  • Organisations and services, including those not prescribed under the Child Information Sharing Scheme, should share information as permitted or required under other laws.
  • Secrecy and confidentiality provisions in other laws still apply, unless they have been expressly overridden by the Child Information Sharing Scheme.

Child Link commenced operation in December 2021 and forms part of Victoria’s Child Information Sharing reform, alongside the Child Information Sharing Scheme. Child Link supports the Child Information Sharing Scheme by combining information from existing government source systems into a single entry for every Victorian child, in accordance with Part 7A of the Child Wellbeing and Safety Act.

Professionals working with children need readily available, accurate information on children in their care to support early identification of risks and vulnerabilities. Early and more responsive information sharing can empower professionals to identify issues and vulnerabilities, provide earlier supports and prevent the escalation of risk into harm.

Child Link creates an entry for each Victorian child from birth to 18 years of age at the time a child first interacts with one of the prescribed early childhood or education services, maternal and child health services or if a child protection order is made in respect of the child. The information displayed on Child Link is limited by legislation and will include key information about a child and the child’s participation in key early childhood and education services.

The professionals who may be authorised to be Child Link Users are limited to specific roles which have responsibility for child wellbeing and safety and is restricted by law. Some of the authorised professionals permitted to become Child Link Users include Maternal and Child Health nurses, school principals and key staff at schools, early childhood teachers, and Child Protection practitioners.

Child Link Users will work for an information sharing entity; however, not all information sharing entities will have Child Link Users. Child Link Users may disclose confidential information contained in Child Link in accordance with disclosure provisions within Part 7A of the Child Wellbeing and Safety Act and under the Child Information Sharing Scheme.

The Child Link Secretary’s Guidelines outline Child Link’s policy, operational and technological features, and provide context to Part 7A of the Child Wellbeing and Safety Act, including how information from Child Link may be shared under the Child Information Sharing Scheme.

Other information sharing permissions and obligations

There is a range of information sharing mechanisms outside the Child Information Sharing Scheme.

Organisations and services should share information and collaborate with other services as permitted by law, whether the Child Information Sharing Scheme or another law, such as the Privacy and Data Protection Act, the Health Records Act or the Children, Youth and Families Act.

Child safety reporting and information sharing obligations continue to apply, including:

  • mandatory reporting obligations, reporting to child protection if there is a significant risk of harm, and information sharing with child protection under the Children, Youth and Families Act
  • obligations created by the ‘Failure to Protect’1 and ‘Failure to Disclose’2 offences under the Crimes Act
  • sharing information about Reportable Conduct Scheme allegations and investigations under the Child Wellbeing and Safety Act.

Information sharing entities are required to meet the data security standards of laws that apply to them.

Information sharing under privacy law

The Child Information Sharing Scheme does not affect the collection, use or disclosure of confidential information that is permitted by the Privacy and Data Protection Act, Health Records Act or any other existing privacy laws.3

Existing privacy laws permit sharing information in a range of circumstances such as:

  • with the consent of the client
  • in a number of circumstances including to lessen or prevent a serious threat to the life, health, safety or welfare of a person
  • for the primary or a related secondary purpose for which the information was collected.

The Health Records Act continues to apply to any information sharing entity that is a public sector body, a private health service provider or any other organisation that collects, holds or uses health information, including health information shared under the scheme.

The Child Information Sharing Scheme makes certain modifications to the Information Privacy Principles and the Health Privacy Principles to ensure that the scheme is able to operate as intended. Specifically:

  • information sharing entities are not obliged to collect personal or health information about an individual directly from that person (as might otherwise be required under Information Privacy Principle 1.4 or Health Privacy Principle 1.3) if they are collecting the information from another information sharing entity under the scheme
  • if an information sharing entity collects personal or health information about a person from another information sharing entity under the scheme, it will not be obliged to take reasonable steps to notify that person that their information has been collected (as might otherwise be required under Information Privacy Principle 1.5 or Health Privacy Principle 1.5) if doing so would be contrary to the promotion of the wellbeing or safety of a child
  • information sharing entities will not be obliged to obtain consent from any person before collecting information under the scheme, including ‘sensitive information’ for the purposes of Information Privacy Principle 10.1 (such as information about a person’s criminal record) if they are sharing in accordance with the scheme.

The following section provides more information about notification requirements under the Privacy and Data Protection Act and the Health Records Act.

Existing notification requirements under privacy law

If an organisation collects information directly from the person to whom the information belongs, Information Privacy Principle 1.3 and Health Privacy Principle 1.4 require the organisation to ‘take reasonable steps’ to make that person aware of particular matters at or before the time the information is collected, or as soon as practicable after.

These particular matters include:

  • the identity of the organisation collecting the information and its contact details
  • the fact that the individual is able to gain access to the information
  • the purposes for which the collection is collected
  • any parties (or types of parties) to which the information of that kind is usually disclosed
  • any law that requires the information to be collected
  • the main consequences (if any) for the individual if they do not provide all or part of the information sought.

An information sharing entity is only obliged to give notice to the person to whom the information relates if it is reasonable in the circumstances to do so. For example, it may be unreasonable to take steps to provide an organisation’s contact details, where the person has initiated the contact with the organisation and is therefore already aware of this information.

Similarly, it may be considered unreasonable to give notice about access rights to information, where giving access would not promote the wellbeing or safety of a child, or would raise personal safety risks for other individuals.

All information sharing entities should review their forms and other relevant documents used to facilitate the collection of client information (such as client privacy policies and service induction material) to ensure that these adequately cover notice requirements.

If information sharing entities wish to share information collected prior to the scheme’s commencement, they must also consider what reasonable steps can be taken to make individuals aware of relevant changes to the way their information is to be handled. Relevant changes are those that are likely to have a direct impact on personal privacy, consent requirements, or a person’s engagement with a service.

For example, if the individual is contactable and it is safe to do so, an updated collection notice could be provided to them. The means of communication should take into account their privacy and any risks that contacting them directly might pose to themselves or another person.

In some cases, a collection notice in use prior to the scheme’s commencement will be sufficient and may not need to be updated if its wording already covers information handling and sharing of the kind intended by the Child Information Sharing Scheme.

Secrecy and confidentiality provisions

Secrecy and confidentiality provisions continue to apply unless expressly overridden by the Child Information Sharing Scheme (outlined below). In other words, if information is restricted from being shared under another law, and that law has not been overridden by the scheme, then these restrictions continue to apply. All organisations should be aware of their obligations under other laws.

Provisions that the Child Information Sharing Scheme overrides

The Child Information Sharing Scheme overrides the following provisions in other Victorian legislation to improve information sharing and allow the scheme to operate as intended:

Table 1: Legislative provisions overridden by Part 6A of the Child Wellbeing and Safety Act 2005

Information obtained in the following official capacities
Legislation overridden by the Child Information Sharing Scheme Information that can be shared under the Child Information Sharing Scheme
Section 132ZC Disability Act 2006 A person who is the Disability Services Commissioner, acting Disability Services Commissioner, or a delegate, employee or engaged by the office of the Disability Services Commissioner in the exercise of their powers under the Disability Act 2006.
Section 55 Commission for Children and Young People Act 2012 As a Commissioner, delegate of the Commissioner, authorised person or member of staff of the Commission for Children and Young People.
Section 41B Child Wellbeing and Safety Act 2005 As a Commissioner, delegate of the Commissioner, authorised person or member of staff of the Commission for Children and Young People.
Information collected or obtained in the following ways
Legislation overridden by the Child Information Sharing Scheme Information that can be shared under the Child Information Sharing Scheme
Section 207(2) Children, Youth and Families Act 2005 From a protection report provided to a police officer from the Secretary of the Department of Families, Fairness and Housing.
Section 140 Confiscation Act 1997 Disclosed in the course of performing a duty under or in connection with the Confiscation Act 1997 or in connection with law enforcement.
Section 36 Disability Act 2006 Because of a person’s appointment as a community visitor.
Section 39 Disability Act 2006 Relating to the provision of disability services that may identify a person and was acquired in an official capacity by:
  • a person appointed to any office or engaged under the Disability Act 2006;
  • a disability service provider or person employed or engaged by a disability service provider or a provider of services under the Disability Act 2006; or
  • a person who is or has been a member of staff of the public service for the purposes of the Disability Act 2006.
Section 23 Human Services (Complex Needs) Act 2009 By a person in their capacity as:
  • The Secretary of the Department of Families, Fairness and Housing or a person engaged by or employed on behalf of the Secretary;
  • a person who is or has been involved in the management of, engaged or employed at or worked for or at a service provider to whom a person has been referred to for the development of a care plan or a service provider identified in a care plan; or
  • a person who is or has been involved in the management of, engaged or employed at or worked for or at, a person or organisation that provides or has provided welfare services, health services, mental health services, disability services, drug and alcohol treatment services, offender services, emergency services or housing and support services to an eligible person under the Human Services (Complex Needs) Act 2009.
Section 181 Personal Safety Intervention Orders Act 2010 By a police officer for the purpose of locating a respondent to serve a respondent with a document under the Personal Safety Intervention Orders Act 2010.
Firearms licences
Legislation overridden by the Child Information Sharing Scheme Information that can be shared under the Child Information Sharing Scheme
Section 181 Firearms Act 1996 Information with respect to firearms licences
Information about proceedings, orders or warrants
Legislation overridden by the Child Information Sharing Scheme Information that can be shared under the Child Information Sharing Scheme
Section 537(3) Children, Youth and Families Act 2005 Information on the court register.
Section 582(5) Children, Youth and Families Act 2005 Information that may be of use in the enforcement of court orders and fines.
Section 18(3) Magistrates’ Court Act 1989 Orders of the Court and other matters entered into the register.
Section 99A(5) Magistrates’ Court Act 1989 Information obtained by the infringements registrar, the sheriff or any contractor or subcontractor supporting the functions of the Infringements Court of the sheriff that may be of use in the enforcement of court orders and fines.
Section 347(2) Mental Health Act 2014 Health information from an electronic health information system.
Sections 5.3A.10 and 5.3A.14 Education and Training Reform Act 2006 A Victorian student number or related information.

This means that information can be shared under the Child Information Sharing Scheme, even if one of the listed provisions would otherwise restrict information from being shared. It is important to note that these provisions are only overridden if an information sharing entity is lawfully sharing in accordance with the Child Information Sharing Scheme. Otherwise, the provisions will continue to restrict any sharing of information outside the Child Information Sharing Scheme.

Penalties may apply for the unauthorised sharing of information.

Information sharing entities should ensure that they and their staff are aware of:

  • any privacy, secrecy or confidentiality provisions that apply to them
  • the circumstances in which those provisions continue to restrict the sharing of information, and when they are overridden by the Child Information Sharing Scheme.

Provisions that the Child Information Sharing Scheme does not override (key legislative provisions that continue to apply)

Secrecy and confidentiality provisions continue to apply unless expressly overridden by the Child Information Sharing Scheme.

In other words, if information is restricted from being shared under another law and that law has not been overridden by the Child Information Sharing Scheme then these restrictions continue to apply. All organisations should be aware of their obligations under the law.

Please be aware that Table 2 is not an exhaustive list of all the information restrictions contained in all Victorian legislation that have not been overridden by the Child Information Sharing Scheme. Table 2 is an attempt to capture the information restrictions contained in Victorian legislation that may be relevant to the sharing of information concerning a child or group of children and therefore which may be important to consider when intending to share information under the Child Information Sharing Scheme.

Table 2: Key legislative provisions that continue to apply

Details of an investigation
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Children, Youth and Families Act 2005 Details of an investigation into a registered foster carer or out-of-home carer, or information that a person is a disqualified carer, under Part 3.4 of the Children, Youth and Families Act 2005 should not be shared unless that Act allows it.
Information that can identify certain persons
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Children, Youth and Families Act 2005 The identity of a person who has made a protective intervention report or a wellbeing and safety report to Child Protection or a referral to Child FIRST under the Children, Youth and Families Act 2005 should not be shared unless that Act allows it.
Section 330(1) Crimes Act 1958 The identity of a person that has made a disclosure about a sexual offence committed against a child under the age of 16 years under Section 327(2) of the Crimes Act 1958 should not be shared unless that Act allows it.
Serious Offenders Act 2018 The Serious Offenders Act 2018 places restrictions on the use and disclosure of information on a supervision, detention or emergency detention order and information should not be shared unless that Act allows it.

Section 284 of the Serious Offenders Act 2018 allows for the sharing of information in certain circumstances, including to respond to, lessen or prevent a threat to the life, health, safety or welfare of any person.

Information acquired through the following conciliation or alternative dispute resolution
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Section 40J Legal Aid Act 1978 A person who attends an alternative dispute resolution program under Section 40J of the Legal Aid Act 1978 may only disclose the information acquired as a result of the alternative dispute resolution program under that Act.
Children, Youth and Families Act 2005 A person who attends a conciliation conference under Part 4.7 of the Children, Youth and Families Act 2005 is subject to confidentiality provisions and may only disclose information if that Act allows it.
Information contained in particular assessment reports
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Various Acts (including but not limited to Section 73H of the Family Violence Protection Act 2008 and Section 53 of the Personal Safety Intervention Orders Act 2010) Information contained in Children’s Court Clinic Reports should not be shared unless the legislation under which the Report was ordered permits it or the Court orders that the information can be shared.
Sex offenders register
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Sex Offenders Registration Act 2004 The Sex Offenders Registration Act 2004 places restrictions on the use and disclosure of information that is contained on the sex offenders register and information should not be shared unless that Act allows it. (Note: a perpetrator’s criminal history may be shared separately from their status on the register).
Criminal intelligence
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Sections 84 and 85 Criminal Organisations Control Act 2012 Information that is protected criminal intelligence or that was subject to a protection application not granted by the court under the Criminal Organisations Control Act 2012 should not be shared unless that Act allows it.
Information related to organised crime offences
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Section 20(5) Major Crime (Investigative Powers) Act 2004 Information connected with a witness summons or order issued under the Major Crime (Investigative Powers) Act 2004 should not be shared unless that Act allows it.
Preventative detention orders
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Section 13ZJ Terrorism (Community Protection) Act 2003 Information about a person detained under a preventative detention order under the Terrorism (Community Protection) Act 2003 should not be shared unless that Act allows it.
Witness protection
Victorian legislation restricting information sharing Information that cannot be shared under the Child Information Sharing Scheme
Section 10 Witness Protection Act 1991 Information relating to the identity or location of a person who is or has been a participant under the Witness Protection Act 1991, or that compromises their security, should not be shared unless that Act allows it.

Providing access to information for a child, family member or third party

People may seek access to their information under privacy and freedom of information (FOI) laws. Under Information Privacy Principle 6, Health Privacy Principle 6 or the Privacy Act 1988 (Cth), an organisation that holds personal information about an individual, such as a child or parent, must provide the individual with access to their information on request. However, under the Child Information Sharing Scheme, an information sharing entity may refuse to give an individual access to their own confidential information if they believe on reasonable grounds that giving the individual access to the information would increase a risk to the safety of a child or group of children.

Any person may make a request to access information under the Freedom of Information Act 1982. However, a document does not have to be disclosed if it would involve the unreasonable disclosure of information relating to the personal affairs of a person (including a deceased person). When deciding whether providing a document to a person would meet this exemption, the relevant information sharing entity must take into account whether disclosure of that information would increase the risk to the safety of a child or group of children. Organisations and services should ensure that relevant business areas responding to FOI requests are aware of the child safety risk exemption and are trained to identify child safety risk.

For example, an information sharing entity should not provide information to the perpetrator of abuse, including family violence, if that information may result in a risk to the safety of any children involved.

Responding to subpoenas

An organisation that holds information collected under the Child Information Sharing Scheme may be subpoenaed to produce that information.

A court may issue a subpoena for an organisation to produce documents to assist the court in considering a matter before it. A subpoena may be sought by any party to a court proceeding and must be complied with unless the court decides differently.

A subpoena may request that certain documents be provided to the court such as case notes, files or any other records. Subpoenaed documents do not automatically become evidence in legal proceedings. However, even if the documents are not used in evidence, the information contained in them, if released, could potentially cause harm or distress to a child or family member.

If an organisation receives a subpoena to provide information about a child or family member, that organisation should seek legal advice on how to respond before providing any information.

A subpoena may be challenged on a number of grounds, including:

  • that it is oppressive, vexatious or a ‘fishing expedition’
  • that it does not demonstrate a legitimate forensic purpose
  • on the basis of a privilege at law
  • on the basis of public interest immunity.

An objection can also be made seeking orders to limit a party’s level of access to any documents produced.

Other legislative provisions may apply to the issuing of and compliance with subpoenas, for example section 32C of the Evidence (Miscellaneous Provisions) Act 1958 and legislation and rules relating to the type of case or Court (e.g. the Family Law Act and Family Court Rules).

Organisations are encouraged to:

  • carefully read instructions provided on complying with subpoenas, including in relation to producing the documents, and seek legal advice as appropriate
  • consider and take steps to manage any potential impact on the safety of a child or relevant family member when considering how to respond to the subpoena
  • notify the child and/or relevant family member that a subpoena has been received, if their records have been subpoenaed and they are not parties to the proceeding.

Footnotes

1 Department of Justice and Regulation, Failure to protect: a new criminal offence to protect children from sexual abuse, available on the Department of Justice website.

2 Department of Justice and Regulation, Failure to disclose offence, available on the Department of Justice website.

3 Victoria’s privacy laws were amended by the Family Violence Protection Act in 2017 to remove the requirement for a serious threat to also be ‘imminent’ in order for organisations bound by the Privacy and Data Protection Act or Health Records Act to share information without consent.

Chapter 5 - Record keeping and information management

Key points

  • Information sharing entities must keep accurate and complete records about information sharing, including any complaints made about information sharing (see Chapter 6 for further information about complaints).
  • Record keeping obligations set by the Child Wellbeing and Safety (Information Sharing) Regulations apply in relation to both written and verbal sharing of information.
  • If an information sharing entity refuses a request from another information sharing entity to disclose information, it must record the request and why it was refused and provide these reasons to the requesting entity in writing.
  • Information sharing entities must take reasonable measures to protect the security of information.
  • If an information sharing entity becomes aware that information recorded or shared about any person is incorrect, it should take reasonable steps to correct that information.

Record keeping requirements

Information sharing entities must comply with the record keeping and information management requirements of the Child Information Sharing Scheme as outlined in the Child Wellbeing and Safety (Information Sharing) Regulations and in this chapter.1 They must also comply with record keeping obligations under other applicable legislation.

Keeping and managing records in accordance with this chapter will ensure that information can be easily identified and corrected if required and that privacy complaints can be responded to appropriately. Many information sharing entities already keep comprehensive records under their existing practices, although they will need to review whether they meet the requirements under the Child Information Sharing Scheme.

When sharing information about any individual under the Child Information Sharing Scheme, whether verbally or in writing, information sharing entities must keep records in accordance with the Child Wellbeing and Safety (Information Sharing) Regulations.

When a request has been received, the following must be recorded:

  • the name of the information sharing entity that requested the information
  • the information that was requested
  • the date on which the information sharing entity made the request.

When disclosing information voluntarily or in response to a request, the following must be recorded:

  • the name of the information sharing entity that received the information
  • the date the information was disclosed
  • a record of the information that was disclosed

    Note: A record may consist of a summary or short description of the content of the confidential information that was disclosed. If information sharing records are held separately from case notes it is recommended that a summary of the confidential information is attached to the record and not a full excerpt or copy of the disclosed information. This may assist in managing information securely to avoid the risk of intentional or unintentional privacy breaches.

  • whether the views of the child and/or their relevant family members were sought and obtained in relation to the information that was disclosed

    Note: The views of the child and relevant family members should be sought if appropriate, safe and reasonable to do. If it is not considered appropriate, safe or reasonable to seek and obtain the views of either the child or the relevant family members for any reason, this must be recorded. See Chapter 2 for more information on seeking the views of a child or family member about information sharing.

  • whether the child and/or their parent was informed that their information was or would be disclosed
  • copies of any of the following documents that are relevant to the disclosure of information:
    • a family violence risk assessment in relation to the child and any relevant family members, as defined under the MARAM Framework
    • a family violence safety plan in relation to child and any relevant family members, as defined under the MARAM Framework.

Good practice considerations

While not required by the Child Wellbeing and Safety (Information Sharing) Regulations, information sharing entities should consider recording the following information.

When making a request:

  • the date of the request
  • the name of the information sharing entity that the request was made to
  • the information that was sought
  • the reason why the information was sought.

When disclosing information, the following additional details may be recorded:

  • how the threshold for sharing under the scheme was met
  • what the views of the child and/or relevant family member were about information sharing
  • if the child and/or parent was not notified that their information was or would be shared, the reason why.

Record keeping requirements if a request is refused

An information sharing entity must refuse a request to share information under the Child Information Sharing Scheme if they do not believe it satisfies the threshold for sharing (see Chapter 1). An information sharing entity must also refuse a request if the information cannot be shared because of another law.

If an information sharing entity refuses a request from another information sharing entity to disclose information under the Child Information Sharing Scheme, it must record the request and the reason why it was refused. The response must be provided to the requesting information sharing entity in writing, in a timely manner. The reason provided should be formulated with care and be appropriate to the situation so as not to increase any risks or inadvertently share excluded information.

Record keeping requirements if a complaint is made

Individuals or other information sharing entities may submit complaints to an information sharing entity about how information was shared under the Child Information Sharing Scheme, as outlined in Chapter 6. If a complaint is received, the recipient entity must record:

  • the date the complaint was made and received
  • the nature of the complaint
  • any action that was taken to resolve the complaint
  • any necessary action that has been taken to prevent or lessen the risk of further similar complaints by addressing the reasons for the complaint
  • time taken to resolve the complaint
  • if the information sharing entity was unable to resolve the complaint, any further action (if any) that was taken.

Other record keeping considerations

Accuracy and currency of records may have substantial impacts on the quality of the information held and shared by information sharing entities, which may in turn impact on children’s wellbeing and safety.

If an information sharing entity becomes aware that information recorded or shared about any person is incorrect, it should take reasonable steps to correct that information.

Information sharing entities must take reasonable steps to protect the information they hold against loss, misuse and unauthorised access, modification or disclosure. They must also ensure that information is managed securely to avoid the risk of intentional or unintentional privacy breaches.

The Child Information Sharing Scheme does not replace or override existing laws and standards in relation to protective data security and law enforcement data security. Information sharing entities must continue to comply with any applicable requirements.

For more information on protecting information see guidance provided by the Office of the Victorian Information Commissioner (website link: www.ovic.vic.gov.au), and the Health Complaints Commissioner (website link: www.hcc.vic.gov.au).

In Victoria, information sharing entities that are public offices (for example, government departments) are governed by the Public Records Act 1973 and must keep and dispose of public records in accordance with any applicable requirements set by the Public Records Office Victoria (website link: www.prov.vic.gov.au). Many contracted service providers are also obliged to comply with these requirements through their funding agreements.

Footnotes

1 Courts and tribunals that are prescribed will not be required to comply with the guidelines or the record keeping obligations included in the Child Wellbeing and Safety (Information Sharing) Regulations 2018. They will not be required to provide written reasons for refusing a request under the scheme.

Chapter 6 - Safeguards when using the scheme

Key points

  • If an individual employed by an information sharing entity acts in good faith and with reasonable care when sharing information under the scheme, they will not be held liable.
  • The Child Information Sharing Scheme includes offences for unauthorised and intentional or reckless use or disclosure of confidential information and for impersonating an information sharing entity.
  • Information sharing entities should have procedures in place for dealing with complaints made in relation to the scheme, including privacy complaints by individuals, and should make these available.

Protection for individual workers

A person who is authorised to share information under the scheme, who acts in good faith and with reasonable care when sharing information will:

  • not be held liable for any criminal, civil or disciplinary action for providing the information (including the offences set out below)
  • not be in breach of any code of professional ethics or considered to have departed from any accepted standards of professional conduct.

This protection from liability applies only to individuals, not organisations.

Generally, a person may be considered to have acted in good faith and reasonable care when they can demonstrate that they:

  • shared information in accordance with their obligations, functions and authorisations
  • intended for the information to be shared for the purpose of promoting the wellbeing and safety of a child and not for another purpose
  • did not act maliciously, recklessly or negligently when exercising their power to share information.

Record keeping in compliance with the requirements in Chapter 5 provides a good foundation for demonstrating that a professional acted in good faith.

Offences

Offences and penalties may apply if information is shared in ways that are not permitted by the Child Information Sharing Scheme as follows:

  • The offence of unauthorised use or disclosure of confidential information includes a fine of 60 penalty units for a person or 300 penalty units for a body corporate. If a person charged with this offence can demonstrate that they acted in good faith and with reasonable care when sharing information, then they will not be held liable.
  • The offence of intentional or reckless unauthorised use or disclosure includes penalties of imprisonment of up to five years and/or a fine of 600 penalty units for an individual, or a fine of 3,000 penalty units for a body corporate.
  • The offence of falsely claiming to be an information sharing entity or an authorised representative of an information sharing entity – or knowingly allowing someone else to believe that you are – includes a fine of 60 penalty units for a person or 300 penalty units for a body corporate.

These offences do not apply to a child or their parents or people living with a child who have been provided with information by an information sharing entity for the purposes of managing a risk to the safety of the child under the scheme. Other offences that will apply include any applicable Commonwealth offences and those in relation to secrecy and confidentiality provisions that continue to apply (see Chapter 4).

Complaints about information sharing

An information sharing entity may submit a complaint to another information sharing entity about how they have undertaken any activities under the Child Information Sharing Scheme, including if a request for information has not been fulfilled.

Individuals should make complaints about breaches of a person’s privacy directly to the relevant information sharing entity in the first instance. Information sharing entities should have procedures in place for dealing with complaints made in relation to the scheme, and should make these available. Information sharing entities must also keep records of any complaints (see Chapter 5).

Privacy complaints may also be made to external oversight bodies. Procedures for making these complaints differ depending on whether an organisation is bound by Victorian or Commonwealth privacy laws, as outlined below.

Complaints under Victorian privacy laws

Complaints in relation to the collection, use or disclosure of personal information by information sharing entities may be made to the Office of the Victorian Information Commissioner.

Complaints in relation to the collection, use or disclosure of health information by information sharing entities (whether they are public or private sector organisations) may be made to the Health Complaints Commissioner.

The Office of the Victorian Information Commissioner or Health Complaints Commissioner can attempt to resolve the complaint through conciliation processes.

In serious cases, the Health Complaints Commissioner is able to investigate the matter. The Health Complaints Commissioner can also issue compliance notices for serious or deliberate privacy breaches arising from disclosures made under the scheme.

For further information, please refer to the Office of the Victorian Information Commissioner website www.ovic.vic.gov.au and the Health Complaints Commissioner website www.hcc.vic.gov.au.

Complaints under Commonwealth privacy law

If the Privacy Act (Cth) applies, a complaint may be made to the Office of the Australian Information Commissioner (OAIC).

If the OAIC chooses to investigate a complaint and it is considered likely that an interference with privacy has occurred, the OAIC may refer the matter to conciliation. If conciliation is not appropriate or does not resolve the complaint, then the OAIC may consider enforcement action.

For further information, please refer to the Office of the Australian Information Commissioner website www.oaic.gov.au.

Appendix 1 – Glossary

Aboriginal Community Controlled Organisations

Not-for-profit organisations that are incorporated as Aboriginal organisations, created and controlled by Aboriginal people.

Australian Privacy Principles

The Australian Privacy Principles as set out in Schedule 1 of the Privacy Act 1988 (Cth).

Carer

In relation to a child, means a person who fulfils the functions of parental responsibility for the child (see definition of ‘parent’).

Child

  1. A person who is under the age of 18 years.
  2. An unborn child that is the subject of a report made under section 29 of the Children, Youth and Families Act 2005 or a referral under section 32 of that Act.

Child Information Sharing Scheme

The Child Information Sharing Scheme, created under Part 6A of the Child Wellbeing and Safety Act 2005, permits the requesting and disclosure of confidential information between prescribed organisations for the purpose of promoting the wellbeing or safety of a child or group of children.

Child Link refers to the digital tool, created under Part 7A of the Child Wellbeing and Safety Act 2005, which creates an entry for each Victorian child with limited key factual information, and is accessible by a Child Link User or a person who is otherwise authorised to access Child Link under Part 7A.

Collection notice

A collection notice is a statement that is provided to an individual at or before the time an organisation collects personal information from that individual, or if that is not practicable, then as soon as is practicable after, informing that individual of certain things about the collection of their information and how it may be accessed, used or disclosed.

Commonwealth Privacy Act

Privacy Act 1988 (Cth)

Confidential information

For the purposes of the Child Information Sharing Scheme, the term ‘confidential information’ includes:

Excluded information

Information that is specifically excluded from being shared under the scheme as defined in section 41Q of the Child Wellbeing and Safety Act 2005. See Chapter 1 for the full list of excluded information.

Family violence

As defined in section 5 of the Family Violence Protection Act 2008 to mean any behaviour toward a family member (which includes a domestic or intimate partner) that is physically, sexually, emotionally, psychologically or economically abusive; threatening or coercive; or is in any other way controlling that causes a person to live in fear for their safety or wellbeing or that of another person.

In relation to children, family violence is also defined as behaviour by any person that causes a child to hear or witness or otherwise be exposed to the effects of the above behaviour. This definition includes violence within a broader family context, such as extended families, kinship networks and communities and other family-like relationships; for example, the relationship between a person with a disability and their carer if that relationship has over time come to approximate the type of relationship that would exist between family members.

Family Violence Information Sharing Guidelines

Family Violence Information Sharing Guidelines which are made under Part 5A of the Family Violence Protection Act 2008.

Family Violence Information Sharing Entity

As defined in section 144D of the Family Violence Protection Act 2008 to mean a person or body prescribed, or a class of person or body prescribed, to be an Information Sharing Entity under the Family Violence Information Sharing Scheme.

Family Violence Information Sharing Scheme

The Family Violence Information Sharing Scheme was established under Part 5A of the Family Violence Protection Act 2008. Part 5A authorises a select group of prescribed Information Sharing Entities (Family Violence information sharing entities) to share information with one another for family violence risk assessment and risk management.

Family Violence Risk Assessment Entity

As defined in Part 5A of the Family Violence Protection Act 2008. A Family Violence Information Sharing Entity also prescribed to be a Risk Assessment Entity. Risk Assessment Entities can request and receive information from any information sharing entity for a family violence assessment or protection purpose, in response to, or from voluntary sharing by, another information sharing entity.

Guidelines

The Child Information Sharing Scheme Ministerial Guidelines, which are made under section 41ZA of the Child Wellbeing and Safety Act 2005.

Health Complaints Commissioner

The Health Complaints Commissioner appointed under section 111 of the Health Complaints Act 2016, to whom complaints can be made under Part 6 of the Health Records Act 2001 about an interference with an individual’s privacy in relation to health information.

Health information

Health information within the meaning of the Health Records Act 2001. Among other things, it includes information or an opinion about the physical, mental or psychological health of an individual, a disability of an individual, an individual’s expressed wishes about the future provision of health services to them, a health service provided or to be provided to an individual; and other personal information collected to provide, or in providing, a health service.

Health Privacy Principles

The Health Privacy Principles set out in Schedule 1 to the Health Records Act 2001.

Identifier

An identifier within the meaning of the Health Records Act 2001. It is usually a number that is either assigned to an individual in conjunction with or in relation to their health information by an organisation for the purpose of identifying that individual, or that is adopted, used or disclosed in conjunction with or in relation to the individual’s health information by an organisation for the purpose of identifying that individual. For example, when a health service assigns each of its patients a unique number for the purposes of identifying them on their system.

Information Privacy Principles

The Information Privacy Principles as set out in Schedule 1 to the Privacy and Data Protection Act 2014.

Information sharing entity

A person or body prescribed, or a class of person or body prescribed, to be an Information Sharing Entity under the Child Information Sharing Scheme. In these guidelines, information sharing entities may also be referred to as ‘prescribed entities’ or ‘prescribed organisations and services’.

MARAM Framework

The Multi-Agency Risk Assessment and Management Framework is designed to guide services in assessing and managing the risk of family violence.

Office of the Victorian Information Commissioner or OVIC

Office of the Victorian Information Commissioner established under section 6B of the Freedom of Information Act 1982.

Part 5A

Part 5A of the Family Violence Protection Act 2008, which creates the Family Violence Information Sharing Scheme.

Part 6A

Part 6A of the Child Wellbeing and Safety Act 2005 (the Act), which creates the Child Information Sharing Scheme (the scheme).

Personal information

Personal information within the meaning of the Privacy and Data Protection Act 2014 is information or an opinion other than health information about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion. Personal information can be recorded in any form and can be personal information regardless of whether it is true or not.

Scheme

Refers to the Child Information Sharing Scheme (the scheme), which was created under Part 6A of the Child Wellbeing and Safety Act 2005.

Share

Unless indicated otherwise, this term is used to refer to collecting, using or disclosing information.

Sensitive information

Sensitive information as defined in Schedule 1 to the Privacy and Data Protection Act 2014. It includes personal information that is information or an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, sexual orientation or practices, or criminal record.

Third party

Any person other than the child or the child’s family members whose confidential information may be relevant to promoting the wellbeing or safety of the child or group of children.

Unique identifier

An identifier as defined in Schedule 1 of the Privacy and Data Protection Act 2014 (for example the serial number on a bank card or a receipt number).

Appendix 2 - Prescribed entities

Prescribed
organisation/ service
Description of information sharing entity

Government schools

  • A Government school

Non-government schools (independent and Catholic)

  • An operator of a non-Government school, to the extent that the operator performs student-related functions in relation to the day to day organisation, management and administration of a non-Government school.
  • Operator in relation to a non-Government school means the body that is responsible for managing and conducting the operations of a non-Government school.

Catholic and independent Catholic system bodies and canonical administrators that assist, manage or govern Catholic schools in Victoria, where these bodies provide support or services to Catholic schools relating to:

  • student wellbeing or safety, or
  • professional ethics and conduct, or
  • learning diversity

  • A body that operates under the auspices of the Catholic Church and that provides support or services to Catholic schools, to the extent that the body performs functions relating to:
    1. student wellbeing or safety; or
    2. the promotion and management of professional ethics and conduct; or
    3. learning diversity.

Victorian Curriculum and Assessment Authority

Victorian Institute of Teaching

  • The Victorian Institute of Teaching continued in operation by section 2.6.2 of the Education and Training Reform Act 2006.

Victorian Registration and Qualifications Authority

  • The Victorian Registration and Qualifications Authority established by section 4.2.1 of the Education and Training Reform Act 2006.

Education – Early childhood education and care

Prescribed organisation/ service Description of information sharing entity

Kindergarten services

Long day care services

Before and after school hours care services

Approved providers of the above services (where the provider performs child-related functions in relation to the day to day organisation, management and administration of the service)
  • An approved provider of a relevant education and care service located in Victoria to the extent that the approved provider performs child-related functions in relation to the day to day organisation, management and administration of the service.
  • NB: Relevant education and care service means an approved education and care service that:
    1. is a centre-based service
    2. is not a service that provides education and care only during school holidays.

Education – Child wellbeing and safety programs delivered or funded by the Department of Education

Prescribed organisation/ serviceDescription of information sharing entity

Child Link

Child Link is a Restricted Information Sharing Entity that can request the disclosure of confidential information and collect information under the Child Information Sharing Scheme. Child Link cannot disclose information under the Child Information Sharing Scheme.

  • For the purposes of section 41S(1) of the Act, the Secretary to the Department of Education is prescribed to belong to the category of restricted information sharing entity named the Child Link Category.
Doctors in Schools Program
  • A registered medical practitioner who practises in the medical profession as a general practitioner in Victoria.

Education Justice Initiative, including:

  • Koorie Education Children’s Court Liaison Officers
  • Regional Education Children’s Court Liaison Officers
  • The Secretary to the Department of Education, to the extent that that Department manages or delivers programs which support the educational outcomes of children and young people involved in the criminal justice system.

Enhancing Mental Health Support in Schools Program

Regional Telephone Counselling Service

  • A person or body that is engaged or funded under a State contract to provide mental health support services, to the extent that the person or body performs functions relating to the provision of mental health support services in Government schools.

Health, Wellbeing and Specialist Services

Nurses

Student Support Services (SSS)

Visiting teachers

  • The Secretary to the Department of Education, to the extent that that Department manages or delivers student support services to assist children and young people with learning, mental health and developmental barriers.
  • A person or body that is engaged or funded under a State contract by the Department of Education to manage or deliver student support services to assist children and young people with learning, mental health and developmental barriers, to the extent that the person or body performs functions relating to the provision of services to assist children and young people with learning, mental health and developmental barriers.
  • The Secretary to the Department of Education, to the extent that that Department provides school nursing programs.

Koorie education and engagement, including:

  • Koorie Education Coordinators
  • Koorie Engagement Support Officers
  • Koorie Education Children’s Court Liaison Officers
  • Koorie Academy Liaison Officers
  • The Secretary to the Department of Education, to the extent that that Department manages or delivers programs and services to support cultural engagement and improved outcomes for Aboriginal children and young people.
LOOKOUT Program for schools and early childhood
  • The Secretary to the Department of Education, to the extent that that Department manages or delivers programs which support educational outcomes for children and young people in out-of-home care.
  • A person or body that is engaged or funded under a State contract by the Department of Education to manage or deliver programs which support educational outcomes for children and young people in out-of-home care, to the extent that the person or body performs functions relating to the provision of programs to support educational outcomes for children and young people in out-of-home care.

National Student Wellbeing Program management

Note: Chaplaincy and student wellbeing services are engaged by schools and fall under the prescription of government and non-government schools

  • The Secretary to the Department of Education, to the extent that that Department manages or delivers chaplaincy programs to support the emotional wellbeing of students.

Navigator Program

Project REAL

Side by Side Program

  • The Secretary to the Department of Education, to the extent that Department manages or delivers re-engagement services to children and young people at risk of disengaging with education.
  • A person or body that is engaged or funded under a State contract by the Department of Education to provide re-engagement services to children and young people at risk of disengaging with education, to the extent that the person or body performs functions relating to the provision of those services.
Quality Assessment and Regulation Division
  • The Secretary to the Department of Education, to the extent that that Department manages the approval and regulation of education and care services, or manages the approval and regulation of children’s services under the Children’s Services Act 1996.
Royal Children’s Hospital Education Institute
  • A person or body that is engaged or funded under a State contract to provide education support to children and young people experiencing chronic health conditions, to the extent that the person or body performs functions relating to the provision of those services at the Royal Children's Hospital.

Access to Early Learning Program

School-Focussed Youth Services

The Geelong Project

  • A person or body that is engaged or funded under a State contract by the Department of Education to provide early intervention services to children and young people at risk of disengaging with education, to the extent that the person or body performs functions relating to the provision of those services.
Security and Emergency Management Division
  • The Secretary to the Department of Education, to the extent that that Department manages or delivers emergency and critical incident management, security, and incident management programs and services for registered schools.
Statewide Vision Resource Centre
  • The Secretary to the Department of Education, to the extent that that Department manages or delivers programs and services to assist children and young people with vision impairments.

Health

Prescribed organisation/ service Description of information sharing entity

Alcohol and other drugs services

  • A person or body that is engaged or funded under a State contract to provide alcohol and other drugs services, to the extent that the person or body performs functions relating to the provision of alcohol and other drugs services.

Ambulance Victoria

Bush nursing centres

  • An incorporated association that is engaged or funded under a State contract to provide a Bush Nursing Centre, to the extent that the incorporated association performs functions relating to the provision of a Bush Nursing Centre.

Community health centres

  • A registered community health centre within the meaning of the Health Services Act 1988, to the extent that it performs the functions of a registered community health service.

Community-managed and designated mental health services

  • A mental health service provider within the meaning of the Mental Health Act 2014 that is engaged or funded under a State contract to provide mental health services, to the extent that the mental health service provider performs functions relating to the provision of mental health services.

General Practitioners

  • A registered medical practitioner who practises in the medical profession as a general practitioner in Victoria.

General Practice Nurses

  • A general practice nurse who is employed by, or whose services are otherwise retained by, a general practice in Victoria.

Integrated health and aged care services

  • A multi-purpose service within the meaning of the Health Services Act 1988, to the extent that it performs the functions of a multi-purpose service.

Maternal and Child Health services

  • The Secretary to the Department of Health, to the extent that that Department provides maternal and child health advice through a state-wide telephone service.
  • A Council to the extent that it provides maternal and child health programs.
  • A person or body engaged by a Council to provide maternal and child health programs for a maternal and child health service on behalf of the Council, to the extent that the person or body performs functions relating to the provision of maternal and child health programs.
  • A person or body that is engaged or funded under a State contract to provide maternal and child health services, to the extent that the person or body performs functions relating to the provision of maternal and child health services.

Public hospitals

Denominational hospitals

Public health service, e.g. Austin Health and Eastern Health

Early parenting centres
  • A registered funded agency within the meaning of the Health Services Act 1988, to the extent that it performs the functions of a registered funded agency

Health - Aged Care

Prescribed organisation/service Description of information sharing entity

Integrated health and aged care services

  • A multi-purpose service within the meaning of the Health Services Act 1988, to the extent that it performs the functions of a multi-purpose service.

State-funded aged care services

Families, fairness and housing – Disability

Prescribed organisation / service Description of information sharing entity

Disability Services Commissioner

Forensic Disability

Multiple and Complex Needs Initiative

Victorian Disability Worker Commission

Disability Worker Registration Board of Victoria
  • The Victorian Disability Worker Commission established under section 21(1) of the Disability Service Safeguards Act 2018.
  • The Disability Worker Registration Board of Victoria established under section 8 of the Disability Service Safeguards Act 2018.

Families, fairness and housing – Accommodation and homelessness support

Prescribed organisation / service Description of information sharing entity

Community housing organisations

  • A registered agency within the meaning of the Housing Act 1983, to the extent that it performs the functions of a registered agency.

DFFH Housing

  • The Secretary to the Department of Families, Fairness and Housing, to the extent that that Department performs functions under the Housing Act 1983; or that Department assists with the performance of the Director of Housing’s functions under the Housing Act 1983.
  • The Director of Housing within the meaning of the Housing Act 1983.

State-funded homelessness services

  • A person or body that is engaged or funded under a State contract to provide homelessness accommodation or homelessness support services, to the extent that the person or body performs functions relating to the provision of homelessness accommodation or homelessness support services.

Tenancy Plus Program

  • A person or body that is engaged or funded under a State contract to provide case management support for at risk social housing tenants to assist to establish or sustain a tenancy, to the extent that the person or body delivers those services.

Families, fairness and housing – Human services

Prescribed organisation / serviceDescription of information sharing entity

Child Protection

Hurstbridge Farm

Secure welfare services

Community-based child and family services
  • A community-based child and family service within the meaning of the Children, Youth and Families Act 2005, to the extent that it performs the functions of a community-based child and family service.
Out of home care services (care services)
  • A registered out of home care service within the meaning of the Children, Youth and Families Act 2005, to the extent that it performs the functions of a registered out of home care service.
Refugee Minor Program
Risk Assessment and Management Panels (including those services that would not otherwise be prescribed but only when participating in a RAMP)
  • A person or body that participates in a Risk Assessment and Management Panel meeting, to the extent that the person or body performs functions that relate to the person or body's participation in a Risk Assessment and Management Panel meeting, including preparation for and attendance at a meeting and associated follow-up actions or activities.
Settlement or casework services for migrants, refugees or asylum seekers
  • A person or body that provides settlement or targeted casework services specifically for migrants, refugees or asylum seekers, to the extent that the person or body provides settlement or casework services for migrants, refugees or asylum seekers.
Sexual assault services
  • A person or body that is engaged or funded under a State contract to provide services to victim survivors of sexual assault and perform family violence information sharing functions, to the extent that the person or body performs functions relating to the provision of services to victim survivors of sexual assault.
Sexually abusive behaviour treatment services
  • A person or body that is engaged or funded under a State contract to provide treatment services for sexually abusive behaviour, to the extent that the person or body performs functions relating to the provision of sexually abusive behaviour treatment services.
Specialist family violence services (including refugees, Men’s Behaviour Change Programs, family violence counselling and therapeutic programs)
  • A person or body that provides specialist family violence services and is engaged or funded under a State contract to perform family violence information sharing functions, to the extent that the person or body performs functions relating to the provision of specialist family violence services.
Supported playgroups
  • A person or body that is engaged or funded under a State contract to provide supported playgroups, to the extent that the person or body performs functions relating to supported playgroups.
The Orange Door Network
  • A body that is declared to be an authorised Hub entity under section 144SC of the Family Violence Protection Act 2008, to the extent that the body provides Hub services within the meaning of Part 5B of that Act.

Justice

Prescribed organisation/ serviceDescription of information sharing entity
Children’s Court of Victoria
Justice Health (prescribed under CISS in regards to programs for children and young people under 18 years)
  • The Secretary to the Department of Justice and Community Safety, to the extent that that Department manages or delivers justice, health, rehabilitation or reintegration services or programs for children.
Justice Health’s funded or contracted Youth Health and Rehabilitation Service (YHaRS) Rehabilitation Programs provided to children and young people
  • A person or body that is engaged or funded under a State contract by the Department of Justice and Community Safety to provide or deliver health, rehabilitation or reintegration services or programs for children, to the extent that the person or body provides or delivers those services or programs directly to children.
Magistrates’ Court of Victoria
Multi-Agency Panel to Prevent Youth Offending
  • A person or body that participates in a Multi-Agency Panel to Prevent Youth Offending meeting, to the extent of that participation, including preparation for and attendance at the meeting and associated follow-up actions or activities.
Perpetrator intervention services, including trials
  • A person or body that is engaged or funded under a State contract to provide family violence perpetrator intervention programs or services, including trials of such programs or services, to the extent that the person or body performs functions relating to the provision of family violence perpetrator intervention programs or services.
Registry of Births, Deaths and Marriages
Secretariat to the Youth Parole Board
  • The Secretary to the Department of Justice and Community Safety, to the extent that that Department supports the performance of the functions under Chapter 5 of the Children, Youth and Families Act 2005 of the Youth Parole Board within the meaning of that Act.
Victims Assistance Programs
  • A person or body that is engaged or funded under a State contract by the Department of Justice and Community Safety to provide case management services to victims of crime, to the extent that the person or body performs functions relating to the provision of case management services to victims of crime.
Victims of Crime Helpline
  • The Secretary to the Department of Justice and Community Safety, to the extent that that Department provides victims of crime support through a state-wide telephone service.
Victoria Police
Youth Justice
Youth Justice-funded community support services or programs
  • A person or body that is engaged or funded under a State contract to provide youth justice community support services or programs, to the extent that the person or body performs functions relating to youth justice community support services or programs.

Other

Prescribed organisation / service Description of information sharing entity

Commission for Children and Young People

The organisations prescribed under the Child Information Sharing Scheme are broadly consistent with the organisations prescribed under the Family Violence Information Sharing Scheme.

For more information on the obligations under the Family Violence Information Sharing Scheme and MARAM Framework, and guidance about prescribed entities, see www.vic.gov.au/guides-templates-tools-for-information-sharing

Appendix 3 - Resources and further support

Commissioner for Privacy and Data Protection (2017)

Guidelines to protecting the security of personal information: ‘Reasonable steps’ under Information Privacy Principle 4.1.

Department of Education and Training (2009)

Key ages and stages framework

Department of Human Services (2012)

Best interests case practice model

Family Safety Victoria (2018)

Multi-Agency Risk Assessment and Management Framework

Department of Human Services (2017)

Balit Murrup: Aboriginal social and emotional wellbeing framework

Department of Human Services (2017)

Korin Korin Balit-Djak: Aboriginal health, wellbeing and safety strategic plan 2017–2027

Department of Human Services (2017)

Language Services Policy and Guidelines

Family Safety Victoria (2017)

Diversity and Intersectionality Framework

Family Safety Victoria (2017)

Family Violence Information Sharing Guidelines

The United Nations (1989)

Convention on the Rights of the Child, Treaty Series, 1577, 3

For further information about the Child Information Sharing Scheme, visit website: www.infosharing.vic.gov.au