- Child Link is a digital tool that complements the operation of the Child Information Sharing Scheme for authorised professionals within certain information sharing entities.
- Sharing information for children’s safety is already permitted, and in some cases required, under other laws, such as the , the , the and the .
- Organisations and services, including those not prescribed under the Child Information Sharing Scheme, should share information as permitted or required under other laws.
- Secrecy and confidentiality provisions in other laws still apply, unless they have been expressly overridden by the Child Information Sharing Scheme.
Information sharing and Child Link
Child Link commenced operation in December 2021 and forms part of Victoria’s Child Information Sharing reform, alongside the Child Information Sharing Scheme. Child Link supports the Child Information Sharing Scheme by combining information from existing government source systems into a single entry for every Victorian child, in accordance with Part 7A of the .
Professionals working with children need readily available, accurate information on children in their care to support early identification of risks and vulnerabilities. Early and more responsive information sharing can empower professionals to identify issues and vulnerabilities, provide earlier supports and prevent the escalation of risk into harm.
Child Link creates an entry for each Victorian child from birth to 18 years of age at the time a child first interacts with one of the prescribed early childhood or education services, maternal and child health services or if a child protection order is made in respect of the child. The information displayed on Child Link is limited by legislation and will include key information about a child and the child’s participation in key early childhood and education services.
The professionals who may be authorised to be Child Link Users are limited to specific roles which have responsibility for child wellbeing and safety and is restricted by law. Some of the authorised professionals permitted to become Child Link Users include Maternal and Child Health nurses, school principals and key staff at schools, early childhood teachers, and Child Protection practitioners.
Child Link Users will work for an information sharing entity; however, not all information sharing entities will have Child Link Users. Child Link Users may disclose confidential information contained in Child Link in accordance with disclosure provisions within Part 7A of the and under the Child Information Sharing Scheme.
The outline Child Link’s policy, operational and technological features, and provide context to Part 7A of the Child Wellbeing and Safety Act, including how information from Child Link may be shared under the Child Information Sharing Scheme.
Other information sharing permissions and obligations
There is a range of information sharing mechanisms outside the Child Information Sharing Scheme.
Child safety reporting and information sharing obligations continue to apply, including:
- mandatory reporting obligations, reporting to child protection if there is a significant risk of harm, and information sharing with child protection under the Children, Youth and Families Act
- obligations created by the ‘Failure to Protect’1 and ‘Failure to Disclose’2 offences under the
- sharing information about Reportable Conduct Scheme allegations and investigations under the .
Information sharing entities are required to meet the data security standards of laws that apply to them.
Information sharing under privacy law
Existing privacy laws permit sharing information in a range of circumstances such as:
- with the consent of the client
- in a number of circumstances including to lessen or prevent a serious threat to the life, health, safety or welfare of a person
- for the primary or a related secondary purpose for which the information was collected.
The Health Records Act continues to apply to any information sharing entity that is a public sector body, a private health service provider or any other organisation that collects, holds or uses health information, including health information shared under the scheme.
- information sharing entities are not obliged to collect personal or health information about an individual directly from that person (as might otherwise be required under Information Privacy Principle 1.4 or Health Privacy Principle 1.3) if they are collecting the information from another information sharing entity under the scheme
- if an information sharing entity collects personal or health information about a person from another information sharing entity under the scheme, it will not be obliged to take reasonable steps to notify that person that their information has been collected (as might otherwise be required under Information Privacy Principle 1.5 or Health Privacy Principle 1.5) if doing so would be contrary to the promotion of the wellbeing or safety of a child
- information sharing entities will not be obliged to obtain consent from any person before collecting information under the scheme, including ‘sensitive information’ for the purposes of Information Privacy Principle 10.1 (such as information about a person’s criminal record) if they are sharing in accordance with the scheme.
The following section provides more information about notification requirements under the Privacy and Data Protection Act and the Health Records Act.
Existing notification requirements under privacy law
If an organisation collects information directly from the person to whom the information belongs, Information Privacy Principle 1.3 and Health Privacy Principle 1.4 require the organisation to ‘take reasonable steps’ to make that person aware of particular matters at or before the time the information is collected, or as soon as practicable after.
These particular matters include:
- the identity of the organisation collecting the information and its contact details
- the fact that the individual is able to gain access to the information
- the purposes for which the collection is collected
- any parties (or types of parties) to which the information of that kind is usually disclosed
- any law that requires the information to be collected
- the main consequences (if any) for the individual if they do not provide all or part of the information sought.
An information sharing entity is only obliged to give notice to the person to whom the information relates if it is reasonable in the circumstances to do so. For example, it may be unreasonable to take steps to provide an organisation’s contact details, where the person has initiated the contact with the organisation and is therefore already aware of this information.
Similarly, it may be considered unreasonable to give notice about access rights to information, where giving access would not promote the wellbeing or safety of a child, or would raise personal safety risks for other individuals.
All information sharing entities should review their forms and other relevant documents used to facilitate the collection of client information (such as client privacy policies and service induction material) to ensure that these adequately cover notice requirements.
If information sharing entities wish to share information collected prior to the scheme’s commencement, they must also consider what reasonable steps can be taken to make individuals aware of relevant changes to the way their information is to be handled. Relevant changes are those that are likely to have a direct impact on personal privacy, consent requirements, or a person’s engagement with a service.
For example, if the individual is contactable and it is safe to do so, an updated collection notice could be provided to them. The means of communication should take into account their privacy and any risks that contacting them directly might pose to themselves or another person.
In some cases, a collection notice in use prior to the scheme’s commencement will be sufficient and may not need to be updated if its wording already covers information handling and sharing of the kind intended by the Child Information Sharing Scheme.
Secrecy and confidentiality provisions
Secrecy and confidentiality provisions continue to apply unless expressly overridden by the Child Information Sharing Scheme (outlined below). In other words, if information is restricted from being shared under another law, and that law has not been overridden by the scheme, then these restrictions continue to apply. All organisations should be aware of their obligations under other laws.
Provisions that the Child Information Sharing Scheme overrides
The Child Information Sharing Scheme overrides the following provisions in other Victorian legislation to improve information sharing and allow the scheme to operate as intended:
Table 1: Legislative provisions overridden by Part 6A of the Child Wellbeing and Safety Act 2005
Information obtained in the following official capacities
Information collected or obtained in the following ways
|Legislation overridden by the Child Information Sharing Scheme||Information that can be shared under the Child Information Sharing Scheme|
|Section 181||Information with respect to firearms licences|
Information about proceedings, orders or warrants
This means that information can be shared under the Child Information Sharing Scheme, even if one of the listed provisions would otherwise restrict information from being shared. It is important to note that these provisions are only overridden if an information sharing entity is lawfully sharing in accordance with the Child Information Sharing Scheme. Otherwise, the provisions will continue to restrict any sharing of information outside the Child Information Sharing Scheme.
Penalties may apply for the unauthorised sharing of information.
Information sharing entities should ensure that they and their staff are aware of:
- any privacy, secrecy or confidentiality provisions that apply to them
- the circumstances in which those provisions continue to restrict the sharing of information, and when they are overridden by the Child Information Sharing Scheme.
Provisions that the Child Information Sharing Scheme does not override (key legislative provisions that continue to apply)
Secrecy and confidentiality provisions continue to apply unless expressly overridden by the Child Information Sharing Scheme.
In other words, if information is restricted from being shared under another law and that law has not been overridden by the Child Information Sharing Scheme then these restrictions continue to apply. All organisations should be aware of their obligations under the law.
Please be aware that Table 2 is not an exhaustive list of all the information restrictions contained in all Victorian legislation that have not been overridden by the Child Information Sharing Scheme. Table 2 is an attempt to capture the information restrictions contained in Victorian legislation that may be relevant to the sharing of information concerning a child or group of children and therefore which may be important to consider when intending to share information under the Child Information Sharing Scheme.
Table 2: Key legislative provisions that continue to apply
Details of an investigation
Information that can identify certain persons
Information acquired through the following conciliation or alternative dispute resolution
Information contained in particular assessment reports
Sex offenders register
Information related to organised crime offences
Preventative detention orders
Providing access to information for a child, family member or third party
People may seek access to their information under privacy and freedom of information (FOI) laws. Under Information Privacy Principle 6, Health Privacy Principle 6 or the , an organisation that holds personal information about an individual, such as a child or parent, must provide the individual with access to their information on request. However, under the Child Information Sharing Scheme, an information sharing entity may refuse to give an individual access to their own confidential information if they believe on reasonable grounds that giving the individual access to the information would increase a risk to the safety of a child or group of children.
Any person may make a request to access information under the . However, a document does not have to be disclosed if it would involve the unreasonable disclosure of information relating to the personal affairs of a person (including a deceased person). When deciding whether providing a document to a person would meet this exemption, the relevant information sharing entity must take into account whether disclosure of that information would increase the risk to the safety of a child or group of children. Organisations and services should ensure that relevant business areas responding to FOI requests are aware of the child safety risk exemption and are trained to identify child safety risk.
For example, an information sharing entity should not provide information to the perpetrator of abuse, including family violence, if that information may result in a risk to the safety of any children involved.
Responding to subpoenas
An organisation that holds information collected under the Child Information Sharing Scheme may be subpoenaed to produce that information.
A court may issue a subpoena for an organisation to produce documents to assist the court in considering a matter before it. A subpoena may be sought by any party to a court proceeding and must be complied with unless the court decides differently.
A subpoena may request that certain documents be provided to the court such as case notes, files or any other records. Subpoenaed documents do not automatically become evidence in legal proceedings. However, even if the documents are not used in evidence, the information contained in them, if released, could potentially cause harm or distress to a child or family member.
If an organisation receives a subpoena to provide information about a child or family member, that organisation should seek legal advice on how to respond before providing any information.
A subpoena may be challenged on a number of grounds, including:
- that it is oppressive, vexatious or a ‘fishing expedition’
- that it does not demonstrate a legitimate forensic purpose
- on the basis of a privilege at law
- on the basis of public interest immunity.
An objection can also be made seeking orders to limit a party’s level of access to any documents produced.
Other legislative provisions may apply to the issuing of and compliance with subpoenas, for example section 32C of the and legislation and rules relating to the type of case or Court (e.g. the and Family Court Rules).
Organisations are encouraged to:
- carefully read instructions provided on complying with subpoenas, including in relation to producing the documents, and seek legal advice as appropriate
- consider and take steps to manage any potential impact on the safety of a child or relevant family member when considering how to respond to the subpoena
- notify the child and/or relevant family member that a subpoena has been received, if their records have been subpoenaed and they are not parties to the proceeding.
3 Victoria’s privacy laws were amended by the in 2017 to remove the requirement for a serious threat to also be ‘imminent’ in order for organisations bound by the or to share information without consent.
Reviewed 09 January 2023