Key points
- Child Link is a digital tool that complements the operation of the Child Information Sharing Scheme for authorised professionals within certain information sharing entities.
- Sharing information for children’s safety is already permitted, and in some cases required, under other laws, such as the Privacy and Data Protection Act, the Health Records Act, the Children, Youth and Families Act and the Crimes Act 1958.
- Organisations and services, including those not prescribed under the Child Information Sharing Scheme, should share information as permitted or required under other laws.
- Secrecy and confidentiality provisions in other laws still apply, unless they have been expressly overridden by the Child Information Sharing Scheme.
Information sharing and Child Link
Child Link commenced operation in December 2021 and forms part of Victoria’s Child Information Sharing reform, alongside the Child Information Sharing Scheme. Child Link supports the Child Information Sharing Scheme by combining information from existing government source systems into a single entry for every Victorian child, in accordance with Part 7A of the Child Wellbeing and Safety Act.
Professionals working with children need readily available, accurate information on children in their care to support early identification of risks and vulnerabilities. Early and more responsive information sharing can empower professionals to identify issues and vulnerabilities, provide earlier supports and prevent the escalation of risk into harm.
Child Link creates an entry for each Victorian child from birth to 18 years of age at the time a child first interacts with one of the prescribed early childhood or education services, maternal and child health services or if a child protection order is made in respect of the child. The information displayed on Child Link is limited by legislation and will include key information about a child and the child’s participation in key early childhood and education services.
The professionals who may be authorised to be Child Link Users are limited to specific roles which have responsibility for child wellbeing and safety and is restricted by law. Some of the authorised professionals permitted to become Child Link Users include Maternal and Child Health nurses, school principals and key staff at schools, early childhood teachers, and Child Protection practitioners.
Child Link Users will work for an information sharing entity; however, not all information sharing entities will have Child Link Users. Child Link Users may disclose confidential information contained in Child Link in accordance with disclosure provisions within Part 7A of the Child Wellbeing and Safety Act and under the Child Information Sharing Scheme.
The Child Link Secretary’s Guidelines outline Child Link’s policy, operational and technological features, and provide context to Part 7A of the Child Wellbeing and Safety Act, including how information from Child Link may be shared under the Child Information Sharing Scheme.
Other information sharing permissions and obligations
There is a range of information sharing mechanisms outside the Child Information Sharing Scheme.
Organisations and services should share information and collaborate with other services as permitted by law, whether the Child Information Sharing Scheme or another law, such as the Privacy and Data Protection Act, the Health Records Act or the Children, Youth and Families Act.
Child safety reporting and information sharing obligations continue to apply, including:
- mandatory reporting obligations, reporting to child protection if there is a significant risk of harm, and information sharing with child protection under the Children, Youth and Families Act
- obligations created by the ‘Failure to Protect’1 and ‘Failure to Disclose’2 offences under the Crimes Act
- sharing information about Reportable Conduct Scheme allegations and investigations under the Child Wellbeing and Safety Act.
Information sharing entities are required to meet the data security standards of laws that apply to them.
Information sharing under privacy law
The Child Information Sharing Scheme does not affect the collection, use or disclosure of confidential information that is permitted by the Privacy and Data Protection Act, Health Records Act or any other existing privacy laws.3
Existing privacy laws permit sharing information in a range of circumstances such as:
- with the consent of the client
- in a number of circumstances including to lessen or prevent a serious threat to the life, health, safety or welfare of a person
- for the primary or a related secondary purpose for which the information was collected.
The Health Records Act continues to apply to any information sharing entity that is a public sector body, a private health service provider or any other organisation that collects, holds or uses health information, including health information shared under the scheme.
The Child Information Sharing Scheme makes certain modifications to the Information Privacy Principles and the Health Privacy Principles to ensure that the scheme is able to operate as intended. Specifically:
- information sharing entities are not obliged to collect personal or health information about an individual directly from that person (as might otherwise be required under Information Privacy Principle 1.4 or Health Privacy Principle 1.3) if they are collecting the information from another information sharing entity under the scheme
- if an information sharing entity collects personal or health information about a person from another information sharing entity under the scheme, it will not be obliged to take reasonable steps to notify that person that their information has been collected (as might otherwise be required under Information Privacy Principle 1.5 or Health Privacy Principle 1.5) if doing so would be contrary to the promotion of the wellbeing or safety of a child
- information sharing entities will not be obliged to obtain consent from any person before collecting information under the scheme, including ‘sensitive information’ for the purposes of Information Privacy Principle 10.1 (such as information about a person’s criminal record) if they are sharing in accordance with the scheme.
The following section provides more information about notification requirements under the Privacy and Data Protection Act and the Health Records Act.
Existing notification requirements under privacy law
If an organisation collects information directly from the person to whom the information belongs, Information Privacy Principle 1.3 and Health Privacy Principle 1.4 require the organisation to ‘take reasonable steps’ to make that person aware of particular matters at or before the time the information is collected, or as soon as practicable after.
These particular matters include:
- the identity of the organisation collecting the information and its contact details
- the fact that the individual is able to gain access to the information
- the purposes for which the collection is collected
- any parties (or types of parties) to which the information of that kind is usually disclosed
- any law that requires the information to be collected
- the main consequences (if any) for the individual if they do not provide all or part of the information sought.
An information sharing entity is only obliged to give notice to the person to whom the information relates if it is reasonable in the circumstances to do so. For example, it may be unreasonable to take steps to provide an organisation’s contact details, where the person has initiated the contact with the organisation and is therefore already aware of this information.
Similarly, it may be considered unreasonable to give notice about access rights to information, where giving access would not promote the wellbeing or safety of a child, or would raise personal safety risks for other individuals.
All information sharing entities should review their forms and other relevant documents used to facilitate the collection of client information (such as client privacy policies and service induction material) to ensure that these adequately cover notice requirements.
If information sharing entities wish to share information collected prior to the scheme’s commencement, they must also consider what reasonable steps can be taken to make individuals aware of relevant changes to the way their information is to be handled. Relevant changes are those that are likely to have a direct impact on personal privacy, consent requirements, or a person’s engagement with a service.
For example, if the individual is contactable and it is safe to do so, an updated collection notice could be provided to them. The means of communication should take into account their privacy and any risks that contacting them directly might pose to themselves or another person.
In some cases, a collection notice in use prior to the scheme’s commencement will be sufficient and may not need to be updated if its wording already covers information handling and sharing of the kind intended by the Child Information Sharing Scheme.
Secrecy and confidentiality provisions
Secrecy and confidentiality provisions continue to apply unless expressly overridden by the Child Information Sharing Scheme (outlined below). In other words, if information is restricted from being shared under another law, and that law has not been overridden by the scheme, then these restrictions continue to apply. All organisations should be aware of their obligations under other laws.
Provisions that the Child Information Sharing Scheme overrides
The Child Information Sharing Scheme overrides the following provisions in other Victorian legislation to improve information sharing and allow the scheme to operate as intended:
Table 1: Legislative provisions overridden by Part 6A of the Child Wellbeing and Safety Act 2005
Information obtained in the following official capacities
| Legislation overridden by the Child Information Sharing Scheme | Information that can be shared under the Child Information Sharing Scheme |
|---|---|
| Section 132ZC Disability Act 2006 | A person who is the Disability Services Commissioner, acting Disability Services Commissioner, or a delegate, employee or engaged by the office of the Disability Services Commissioner in the exercise of their powers under the Disability Act 2006. |
| Section 55 Commission for Children and Young People Act 2012 | As a Commissioner, delegate of the Commissioner, authorised person or member of staff of the Commission for Children and Young People. |
| Section 41B Child Wellbeing and Safety Act 2005 | As a Commissioner, delegate of the Commissioner, authorised person or member of staff of the Commission for Children and Young People. |
Information collected or obtained in the following ways
| Legislation overridden by the Child Information Sharing Scheme | Information that can be shared under the Child Information Sharing Scheme |
|---|---|
| Section 207(2) Children, Youth and Families Act 2005 | From a protection report provided to a police officer from the Secretary of the Department of Families, Fairness and Housing. |
| Section 140 Confiscation Act 1997 | Disclosed in the course of performing a duty under or in connection with the Confiscation Act 1997 or in connection with law enforcement. |
| Section 36 Disability Act 2006 | Because of a person’s appointment as a community visitor. |
| Section 39 Disability Act 2006 | Relating to the provision of disability services that may identify a person and was acquired in an official capacity by:
|
| Section 23 Human Services (Complex Needs) Act 2009 | By a person in their capacity as:
|
| Section 181 Personal Safety Intervention Orders Act 2010 | By a police officer for the purpose of locating a respondent to serve a respondent with a document under the Personal Safety Intervention Orders Act 2010. |
Firearms licences
| Legislation overridden by the Child Information Sharing Scheme | Information that can be shared under the Child Information Sharing Scheme |
|---|---|
| Section 181 Firearms Act 1996 | Information with respect to firearms licences |
Information about proceedings, orders or warrants
| Legislation overridden by the Child Information Sharing Scheme | Information that can be shared under the Child Information Sharing Scheme |
|---|---|
| Section 537(3) Children, Youth and Families Act 2005 | Information on the court register. |
| Section 582(5) Children, Youth and Families Act 2005 | Information that may be of use in the enforcement of court orders and fines. |
| Section 18(3) Magistrates’ Court Act 1989 | Orders of the Court and other matters entered into the register. |
| Section 99A(5) Magistrates’ Court Act 1989 | Information obtained by the infringements registrar, the sheriff or any contractor or subcontractor supporting the functions of the Infringements Court of the sheriff that may be of use in the enforcement of court orders and fines. |
| Section 347(2) Mental Health Act 2014 | Health information from an electronic health information system. |
| Sections 5.3A.10 and 5.3A.14 Education and Training Reform Act 2006 | A Victorian student number or related information. |
This means that information can be shared under the Child Information Sharing Scheme, even if one of the listed provisions would otherwise restrict information from being shared. It is important to note that these provisions are only overridden if an information sharing entity is lawfully sharing in accordance with the Child Information Sharing Scheme. Otherwise, the provisions will continue to restrict any sharing of information outside the Child Information Sharing Scheme.
Penalties may apply for the unauthorised sharing of information.
Information sharing entities should ensure that they and their staff are aware of:
- any privacy, secrecy or confidentiality provisions that apply to them
- the circumstances in which those provisions continue to restrict the sharing of information, and when they are overridden by the Child Information Sharing Scheme.
Provisions that the Child Information Sharing Scheme does not override (key legislative provisions that continue to apply)
Secrecy and confidentiality provisions continue to apply unless expressly overridden by the Child Information Sharing Scheme.
In other words, if information is restricted from being shared under another law and that law has not been overridden by the Child Information Sharing Scheme then these restrictions continue to apply. All organisations should be aware of their obligations under the law.
Please be aware that Table 2 is not an exhaustive list of all the information restrictions contained in all Victorian legislation that have not been overridden by the Child Information Sharing Scheme. Table 2 is an attempt to capture the information restrictions contained in Victorian legislation that may be relevant to the sharing of information concerning a child or group of children and therefore which may be important to consider when intending to share information under the Child Information Sharing Scheme.
Table 2: Key legislative provisions that continue to apply
Details of an investigation
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Children, Youth and Families Act 2005 | Details of an investigation into a registered foster carer or out-of-home carer, or information that a person is a disqualified carer, under Part 3.4 of the Children, Youth and Families Act 2005 should not be shared unless that Act allows it. |
Information that can identify certain persons
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Children, Youth and Families Act 2005 | The identity of a person who has made a protective intervention report or a wellbeing and safety report to Child Protection or a referral to Child FIRST under the Children, Youth and Families Act 2005 should not be shared unless that Act allows it. |
| Section 330(1) Crimes Act 1958 | The identity of a person that has made a disclosure about a sexual offence committed against a child under the age of 16 years under Section 327(2) of the Crimes Act 1958 should not be shared unless that Act allows it. |
| Serious Offenders Act 2018 | The Serious Offenders Act 2018 places restrictions on the use and disclosure of information on a supervision, detention or emergency detention order and information should not be shared unless that Act allows it.
Section 284 of the Serious Offenders Act 2018 allows for the sharing of information in certain circumstances, including to respond to, lessen or prevent a threat to the life, health, safety or welfare of any person. |
Information acquired through the following conciliation or alternative dispute resolution
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Section 40J Legal Aid Act 1978 | A person who attends an alternative dispute resolution program under Section 40J of the Legal Aid Act 1978 may only disclose the information acquired as a result of the alternative dispute resolution program under that Act. |
| Children, Youth and Families Act 2005 | A person who attends a conciliation conference under Part 4.7 of the Children, Youth and Families Act 2005 is subject to confidentiality provisions and may only disclose information if that Act allows it. |
Information contained in particular assessment reports
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Various Acts (including but not limited to Section 73H of the Family Violence Protection Act 2008 and Section 53 of the Personal Safety Intervention Orders Act 2010) | Information contained in Children’s Court Clinic Reports should not be shared unless the legislation under which the Report was ordered permits it or the Court orders that the information can be shared. |
Sex offenders register
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Sex Offenders Registration Act 2004 | The Sex Offenders Registration Act 2004 places restrictions on the use and disclosure of information that is contained on the sex offenders register and information should not be shared unless that Act allows it. (Note: a perpetrator’s criminal history may be shared separately from their status on the register). |
Criminal intelligence
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Sections 84 and 85 Criminal Organisations Control Act 2012 | Information that is protected criminal intelligence or that was subject to a protection application not granted by the court under the Criminal Organisations Control Act 2012 should not be shared unless that Act allows it. |
Information related to organised crime offences
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Section 20(5) Major Crime (Investigative Powers) Act 2004 | Information connected with a witness summons or order issued under the Major Crime (Investigative Powers) Act 2004 should not be shared unless that Act allows it. |
Preventative detention orders
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Section 13ZJ Terrorism (Community Protection) Act 2003 | Information about a person detained under a preventative detention order under the Terrorism (Community Protection) Act 2003 should not be shared unless that Act allows it. |
Witness protection
| Victorian legislation restricting information sharing | Information that cannot be shared under the Child Information Sharing Scheme |
|---|---|
| Section 10 Witness Protection Act 1991 | Information relating to the identity or location of a person who is or has been a participant under the Witness Protection Act 1991, or that compromises their security, should not be shared unless that Act allows it. |
Providing access to information for a child, family member or third party
People may seek access to their information under privacy and freedom of information (FOI) laws. Under Information Privacy Principle 6, Health Privacy Principle 6 or the Privacy Act 1988 (Cth), an organisation that holds personal information about an individual, such as a child or parent, must provide the individual with access to their information on request. However, under the Child Information Sharing Scheme, an information sharing entity may refuse to give an individual access to their own confidential information if they believe on reasonable grounds that giving the individual access to the information would increase a risk to the safety of a child or group of children.
Any person may make a request to access information under the Freedom of Information Act 1982. However, a document does not have to be disclosed if it would involve the unreasonable disclosure of information relating to the personal affairs of a person (including a deceased person). When deciding whether providing a document to a person would meet this exemption, the relevant information sharing entity must take into account whether disclosure of that information would increase the risk to the safety of a child or group of children. Organisations and services should ensure that relevant business areas responding to FOI requests are aware of the child safety risk exemption and are trained to identify child safety risk.
For example, an information sharing entity should not provide information to the perpetrator of abuse, including family violence, if that information may result in a risk to the safety of any children involved.
Responding to subpoenas
An organisation that holds information collected under the Child Information Sharing Scheme may be subpoenaed to produce that information.
A court may issue a subpoena for an organisation to produce documents to assist the court in considering a matter before it. A subpoena may be sought by any party to a court proceeding and must be complied with unless the court decides differently.
A subpoena may request that certain documents be provided to the court such as case notes, files or any other records. Subpoenaed documents do not automatically become evidence in legal proceedings. However, even if the documents are not used in evidence, the information contained in them, if released, could potentially cause harm or distress to a child or family member.
If an organisation receives a subpoena to provide information about a child or family member, that organisation should seek legal advice on how to respond before providing any information.
A subpoena may be challenged on a number of grounds, including:
- that it is oppressive, vexatious or a ‘fishing expedition’
- that it does not demonstrate a legitimate forensic purpose
- on the basis of a privilege at law
- on the basis of public interest immunity.
An objection can also be made seeking orders to limit a party’s level of access to any documents produced.
Other legislative provisions may apply to the issuing of and compliance with subpoenas, for example section 32C of the Evidence (Miscellaneous Provisions) Act 1958 and legislation and rules relating to the type of case or Court (e.g. the Family Law Act and Family Court Rules).
Organisations are encouraged to:
- carefully read instructions provided on complying with subpoenas, including in relation to producing the documents, and seek legal advice as appropriate
- consider and take steps to manage any potential impact on the safety of a child or relevant family member when considering how to respond to the subpoena
- notify the child and/or relevant family member that a subpoena has been received, if their records have been subpoenaed and they are not parties to the proceeding.
Footnotes
1 Department of Justice and Regulation, Failure to protect: a new criminal offence to protect children from sexual abuse, available on the Department of Justice website.
2 Department of Justice and Regulation, Failure to disclose offence, available on the Department of Justice website.
3 Victoria’s privacy laws were amended by the Family Violence Protection Act in 2017 to remove the requirement for a serious threat to also be ‘imminent’ in order for organisations bound by the Privacy and Data Protection Act or Health Records Act to share information without consent.
Updated