The consequences of not sharing information in the social services sector can lead to worsening family violence and child abuse cases, and more training in the Privacy Act is needed for those who work in the community frontline, are some of the new findings from research by Methodist Mission Southern.

The Mission was supported by the Office of the Privacy Commissioner’s Privacy Good Research Fund to undertake an important research project that examined information sharing and high needs clients in social services delivery.

The report looked at practitioner and organisational competency across a range of agencies relating to Principle 11: Limits on disclosure of personal information and Part 9A: Information sharing (AISAs) of the Privacy Act 1993.

Research background

It’s often necessary to share information in order to provide comprehensive and wraparound services for clients. Positive outcomes for clients may be inhibited when important information isn’t shared with other service providers. The consequences of not sharing information can be significant, with a lack of information sharing a contributing factor in several high profile family violence and child abuse cases.

While recognising information sharing is very important, it is also necessary to protect and uphold the privacy rights of clients. Agencies and practitioners are required to strike the delicate balance between sharing and protecting client information.

This research has yielded a number of important practical findings and led to the creation of several resources for frontline workers and managers that are intended to improve practices around client data and information sharing.

The research

A mixed-method design was used with surveys and semi-structured interviews The study collected 146 completed survey responses and conducted 20 interviews.

To obtain frontline and organisation level perspectives, two surveys were administered - one for frontline practitioners and the other directed at senior managers. Both managers and practitioners took part in interviews.

Our key findings

• The majority of organisations received requests for client information and shared information with another organisation or organisations.
• Nearly one third of practitioners report not being trained in the Privacy Act and its information privacy principles. Of the participants who had received training, some considered the training to be inadequate.
• Few practitioners find the principles easy to apply in practice.
• Not all organisations are training staff members on when other legislation or formal Memorandums of Understanding that concern sharing client information may apply.
• Just over half of organisations are complying with their obligation to have a privacy officer. The majority of practitioners did not know who their privacy officer was.
• Few privacy officers reported undertaking training by the Office of the Privacy Commissioner.
• Over one third of practitioners surveyed either strongly agreed or agreed with the statement “Information sharing between organisations should only be allowed with the informed consent of the client (i.e. even if the Privacy Act 1993 permits the information to be shared without consent)”.
• From discussion with Māori providers, it was suggested that the Privacy Act is at times incongruous with a Māori worldview, particularly in regards to information being collectively owned by whanau, and the Act was often being breached to give effect to this.
• Challenges to information sharing primarily centred around an inability to share information when practitioners believed doing so would benefit the client, or information being withheld when practitioners believed sharing would benefit the client, and not knowing who to share information with.
• Some participants described encountering situations where they thought the Act was being used as an excuse to refuse information sharing requests.

Our recommendations

• All frontline workers who deal with personal client information should be trained in information sharing.
• Frontline workers need explicit instruction to staff that informal information sharing is a breach of the Act.
• Agencies conduct regular IT audits of security of client information.
• Agencies establish a privacy officer and staff made aware of their role.
• Agencies to be informed of the resources on the Office of the Privacy Commissioner website.
• The issues regarding a Māori worldview and privacy warrant further exploration.

About Methodist Mission Southern

The Mission brings a heritage of over 125 years successful service to the people of Otago and Southland. It delivers specialised frontline services to high-needs clients, including early childhood education, foundation education, prison programmes, social work, whānau services and community development projects in order to develop skills and build resiliency in clients.

The Mission also possesses sector-leading capability in the use of client-derived data within a social investment framework. It works closely with a number of government data-projects, including the Integrated Data Infrastructure Pilot Partnership Project with Statistics NZ, and an innovative shared service hub project with the government’s Social Investment Unit to provide an end-to-end solution to frontline data collection and outcome reporting needs.

Further information

A copy of the Information Sharing and High Needs Clients report and a full set of practical resources for agencies are available on the Mission’s website.

Jimmy McLauchlan is the Methodist Mission Southern’s Business Development Leader. He manages the Mission’s entrepreneurial development and engagement with new funding. The Mission’s Information Sharing and High Needs Clients report will be presented at the Privacy Research Symposium in Auckland on 15 December 2016.

Image credit: The Methodist Mission Southern logo.

health, children