Following the successful passage of the Children Legislation Amendment (Information Sharing) Act 2018 (Act), Government departments, regulatory bodies, health and social service providers and education providers with responsibility for the wellbeing and safety of children will need to prepare for a new expanded network for sharing information to facilitate prevention of harm or early intervention for vulnerable children.

The Act seeks to overcome existing limitations on a prescribed entity’s ability to share personal information about a child with other prescribed entities, in order to improve service delivery and prevent an agency from inadvertently endangering or prejudicing a child where the agency does not have access to all the relevant information about a child’s risk profile.

The Act is part of the legislative reforms promised by the Victorian Government following the Royal Commission into Family Violence, and complements the Family Violence Protection (Information Sharing) Regulations 2018, which established a similar information-sharing scheme within the context of the Family Violence Protection Act 2008.

Key features

The Act has two key purposes:

• establishing an information sharing scheme to enable specified entities to share confidential information that an entity would otherwise not be permitted to share
• establishing a register of children born or resident in Victoria to improve child wellbeing and safety outcomes for those children, and to monitor and support their participation in government-funded programs and services.

Information-sharing scheme

Bodies that are prescribed as information sharing entities under the regulations will be able to request information (including personal information) from another information sharing entity, where the exchange would promote the wellbeing or safety of a child or group of children for specified purposes.

Entities must respond to requests for information if they meet the requirements set out under the Act, unless an exclusion applies. Entities will also be able to share information proactively (i.e. where no request has been made) where they reasonably believe the information promotes child wellbeing or safety and may assist the recipient to carry out certain activities relating to a child’s wellbeing or safety.

Before sharing information, an information entity must satisfy itself that:

• it considers that the information promotes the safety and wellbeing of a child or group of children
• it reasonably believes that the information may assist the recipient (also a prescribed entity) to perform at least one of a specified range of activities relating to that child’s or group of children’s safety and wellbeing, being:
  • making a decision, assessment or plan relating to the wellbeing or safety of the child or group of children
  • initiating or conducting any investigation relating to the wellbeing or safety of the child or group of children
  • providing any service relating to the wellbeing or safety of the child or group of children
  • managing any risk to the child or group of children
• reasonably believe that the information is not ‘excluded information’.

Excluded information includes information that, if disclosed, would endanger a person's life or result in physical injury, prejudice an investigation or legal proceedings, waive privilege, contravene a court order or be contrary to the public interest.

Child Link Register

The Act also establishes the Child Link Register, a database of key factual information in relation to children who are born in Victoria or who access certain Victorian Government-funded services, including:

• maternal and child health services
• supported playgroups and funded kindergarten programs
• Government and non-Government schools
• school nurse programs and student support services provided in Government schools.

The Child Link Register (Child Link) will also record information about children who are registered for home schooling or are the subject of a child protection order.

The information contained on Child Link will include the personal details of a child, contact details of persons with responsibility for the child, services in which a child is enrolled or participates and whether a child protection order has been made regarding the child.

Child Link is only accessible to a limited number of defined entities and professionals, known as Child Link users, who deliver services for children or are responsible for administering and developing the policy to improve service delivery.

The range of Child Link Users is broad, and includes authorised staff in the Department of Education and Training and the Department of Health and Human Services, employees of councils who have responsibility for childhood services, registered nurses delivering maternal and child health and school nursing programs, education and care services providers, family violence and community-based services, school principals and select regulators, including the Disability Services Commissioner and the Commissioner for Children and Young People.

Issues for government bodies and regulators

Clearly, the Act will have significant privacy impacts for Victorian children and their parents and guardians.

While it won’t be certain who will be a prescribed information sharing entity until the regulations to the Act are settled, it is apparent from the list of Child Link Users defined under the Act that the scheme will cover a broad range of bodies in the education, childcare, social services and health sectors. From a privacy perspective, the breadth of different entities and Child Link Users represent a significant regulatory challenge. More specifically, the scale of the scheme will make it more difficult to regulate, administer and enforce and, arguably, the risk of non-compliance will be greater than for a more limited scheme.

Regarding the information sharing scheme established by the Act, prescribed information sharing entities will need to have systems and processes in place to both make and respond to requests for information about children for whom they are responsible.

Entities can only share information for the purpose of 'promoting the well-being' of a child. How will agencies interpret that phrase, and what support will the regulations, guidelines and policies provide? What risk assessment structure will entities develop to assess requests for information about children in their care (including assessing the risk profile of the requesting entity)?

Regulators who oversee education and childcare sectors, such as VRQA, the Disability Commissioner or the Commissioner for Children and Young People, will need to consider how the Act interacts with the legislation they administer, particularly any secrecy or non-disclosure provisions. For example, the Act clarifies that the offence provisions that restrict entities from sharing information about a person who has made a report to the Commissioner for Children and Young People do not apply to a disclosure made consistently with the provisions of the Act. Where an entity’s governing legislation and policies restrict the handling of information, how will that entity strike a balance between determining whether it is in the best interests of a child to share information?