Social Justice and Social Security Committee [Draft]

Meeting date: Thursday, December 7, 2023

Official Report 710KB pdf

---

Subordinate Legislation

---

Social Security Information-sharing (Scotland) Amendment Regulations 2024 [Draft]

The next item of business is consideration of a Scottish statutory instrument. The instrument is laid under the affirmative procedure, which means that Parliament must approve it before it can come into force. I welcome Shirley-Anne Somerville, the Cabinet Secretary for Social Justice, and her officials from the Scottish Government, who are Camilo Arredondo, solicitor, and Kelly Donohoe, cross-cutting benefits policy official. Thank you for joining us.

Following this evidence session, the committee will be invited under the next agenda item to consider a motion on approval of the instrument. I remind everyone that the Scottish Government officials can speak under this item but not in the debate that follows.

I invite the cabinet secretary to make a short opening statement.

The primary focus of Social Security Scotland is to ensure that people receive the assistance that they are entitled to, putting the person first and treating them with fairness, dignity and respect, in line with the key principles of the Social Security Scotland charter. However, the Scottish Government recognises that, in undertaking that role, Social Security Scotland engages with some of the most vulnerable people in Scotland. Inevitably, that will lead to instances in which it becomes apparent that a person might be at risk of harm. To adequately support people in that situation, we must have a clear and robust process in place.

As such, and in keeping with our commitment to support the wellbeing of the people whom we engage with, in March 2022 a public consultation was launched seeking views on creating a specific legal gateway for Social Security Scotland to make to the relevant authorities referrals concerning risk of harm. The consultation responses demonstrated overall support for the proposal.

It is important to make a distinction between cases in which a person might be at risk of harm and those in which there is an immediate threat or risk to life. Situations in which immediate threat or endangerment to life are observed are reported to Police Scotland under the common law duty of care. The regulations that we are considering today cover sharing of information when a person is at risk of harm, with harm variously being defined, depending on the sharing, to include significant neglect; physical, mental or emotional harm; or the likelihood of their causing self-harm.

Child and adult protection services in local authorities are governed by legislation that is underpinned by Scottish Government national guidance on child protection and by a code of practice for adult support and protection. Those allow referrals to be made by Government agencies and third sector organisations that engage with vulnerable people and which may have cause to refer concerns of harm. In July 2022, the code of practice was updated to include Social Security Scotland as one of the agencies, in recognition that the agency is a key partner with a role to play in supporting vulnerable people.

Referrals in which a risk of harm has been identified are currently being made by Social Security Scotland under an interim process while the regulations are being considered. The agency has a safeguarding team that is staffed by qualified health and social care professionals, who review all concerns that are raised and, where appropriate, make referrals using a gateway in health legislation.

However, that legislation covers sharing of information that is related only to physical and mental harm and does not cover financial abuse. The regulations will enable the sharing of information relating to harm that is caused by financial abuse.

Furthermore, for the purposes of transparency, I consider it appropriate to create a bespoke and explicit legal gateway to cover safeguarding referrals from the agency. Additionally, in drafting the regulations, officials identified that, where a person is an adult with incapacity under the Adults with Incapacity (Scotland) Act 2000 and has a power of attorney, a legal guardian or is subject to an appropriate order, the public guardian has authority to investigate concerns of financial or property abuse. The drafting therefore includes referrals to the Office of the Public Guardian when that is suspected.

The process of preparing the regulations has involved significant engagement with relevant parties, including the Information Commissioner’s Office, local authorities, health and social care officials, information governance policy leads, social work leads and data protection officials.

The regulations make provision for Social Security Scotland to make referrals only where there is concern about risk of harm. That is to ensure that there is no interference with the investigating powers or decision-making processes of local authorities. It remains for local authorities to make risk assessments and to evaluate additional help that is required by the individual.

For the avoidance of doubt, the sharing for which the regulations provide will ensure that such a referral will have no impact on the assessment of a person’s application for assistance; that only information that is relevant to the risk of harm that has been observed will be shared; that consent from the individual who is being referred will be sought in most instances—although I have included provisions for cases to be referred in which consent cannot reasonably be obtained; that no information concerning a referral of concern of a risk of harm will be held on a person’s file relating to their application for assistance; and that such a referral will be stored in a separate restricted access file, in line with data protection laws.

The aim of the regulations is to support vulnerable people who are identified as being at risk of harm by referring them to the appropriate authority for help and support, which—as I am sure the committee will agree—is a positive action for the people who need it most.

Thank you, cabinet secretary. We move to questions. Our questions will be directed to you, but you are, of course, welcome to invite an official to respond, should you wish to do so.

Good morning, cabinet secretary. What training and guidance are in place to ensure that data sharing is proportionate? You alluded to this in your opening statement, but can you give us a more detailed idea of what you think is proportionate?

All staff have mandatory data protection training, which is refreshed annually. Staff training on identifying vulnerable people who are at risk of harm has been delivered alongside guidance and a process that ensures that staff can raise concerns quickly and effectively. All concerns that are identified are discussed with a line manager and then forwarded to the safeguarding team that I mentioned in my opening remarks. As I said, that dedicated safeguarding team comprises experienced professionals who are responsible for considering referrals and reporting to the appropriate authority. The team is overseen by the deputy director for health and social care and the chief medical adviser. That experience and knowledge inform the proportionality of the information sharing.

The process has many levels and it involves many checks and balances with a view to ensuring that all staff are trained and that information is shared sensitively within the agency and, in particular, the safeguarding team, which has a great deal of experience.

Good morning, cabinet secretary. I suspect that the regulations have been designed with a view to bringing about quality changes in practice that will make a difference to vulnerable individuals. What changes in practice do you envisage may come about? How will that be monitored?

At present, as I mentioned in my opening remarks, concerns about risk of harm are referred to local authorities under the National Health Service (Scotland) Act 1978. However, as I mentioned, that does not cover scenarios of financial harm or financial abuse, which is an important aspect of the system that we develop in the regulations. As well as filling those gaps, the regulations absolutely maintain our commitment to supporting some of the most vulnerable people we engage with. Although we have had an interim process in place, it is important that we set out our approach in a clear and transparent fashion.

Monitoring is extremely important, given the sensitivity of the information and the importance that the agency and the Government overall attach to ensuring that we deal with it sensitively, appropriately and thoroughly. A new system of records is being developed to record statistics. Given the sensitive nature of the information in question, it is not held in the main system for all staff to see; it is held in a sensitive way such that only the staff who are dealing with the issues in question will be able to see it. They will be able to monitor that and report up to the executive team as required.

That is really helpful. If I appeared distracted during your reply, that is because I wanted to check the name of a project. [Interruption.] That was not very professional. I will tell you why I was looking at my phone. Last week, I invited to Parliament members of a project called “Financially Included”, but its name had escaped me. It deals with economic abuse of women; it supports women to escape such abuse and put their finances back on track having suffered it.

I was very interested to hear what you said about that kind of abuse and exploitation. Can you say any more about how that could help women in particular? You could do that now, or perhaps you could contact the committee after the meeting. I am conscious that economic abuse is a key issue in the 16 days of activism against gender-based violence. If you want to address that now, it would be quite nice to get it on the record this morning. I apologise for that distraction, but I wanted to check that I had my details right about the question that I was about to ask.

10:15  

I thought that I had lost you halfway through my answer, Mr Doris, but that is fine. I have met and visited the offices of the project that you mentioned. I noticed that you had that event and I had hoped to come down to meet them again. I was impressed by the work that the project does and I am pleased to see it recognised in the Parliament.

While I was on that visit, we spoke in great detail about the real concern that we should all have to ensure that abuse is seen in the widest sense, including financial abuse. That is why I was clear in my opening remarks about the need for us to recognise all abuse, including financial abuse. It is a clear concern for many different demographics. The committee will be aware that particular concerns have been raised about older clients and financial abuse towards them. Mr Doris rightly mentioned aspects around domestic abuse and financial control being part of that. I hope that the regulations will be able to assist those women in those types of situations, if agency staff come across that.

I invite John Mason to ask his questions.

How should clients be informed that their information might be used in this way?

One of the reasons for having the regulations is to make sure that we are not working under the interim measures that I spoke about and that we are transparent about what is in place. There are data protection and privacy notice statements on the gov.scot website and they make it clear that we will share information. The website also includes mention of safeguarding, which clearly states that information will be shared in very specific circumstances when there are safeguarding concerns.

As all committee members will be aware, the sharing of information is an exceptionally sensitive matter, and a great deal of care must be taken to ensure that it is done lawfully. That is why those statements are made as people go through application processes. When it is not possible to ask a client for their consent for their information to be shared, the regulations still allow for that to happen. That is important because, as was mentioned in the discussion with Mr Doris, there may be coercion or other reasons why a client cannot give their consent at that time. We are still obliged to ensure that we share the information with all the care and sensitivity that the committee would expect the agency to show at that point.

My reaction to that is positive, because there is a problem out there that we need to address.

Can you say anything about how the regulations might interact with power of attorney? Would the person who holds the power of attorney be the one who is informed or consulted? Of course, there is a risk that they will be the person who is carrying out the abuse.

I will bring in one of my officials on that.

For clarification, are you asking about power of attorney potentially being held by the person who is committing the abuse against the client?

To be frank, I think that that happens, because there are few checks on people with power of attorney. In a sense, that is a separate issue, but we could be talking about either situation.

In most circumstances, the provisions in the regulations include situations where the power of attorney is with the person committing the abuse against the individual, in which case that would also be one of the points for referral. If it was financial abuse or property abuse that the power of attorney holder was alleged to be committing against the client, that would mean a referral to the public guardian under the new provisions. If it was neglect or physical and emotional abuse that the power of attorney holder was alleged to be committing against the client, there would be a referral to the local authority under the new provisions.

As for a case in which someone else was suspected of committing abuse against the individual, I would have to seek advice from Camilo Arredondo on that, but I do not think that we would seek consent from the power of attorney holder, even though they were standing in the shoes of the client.

That is right. Power of attorney is regulated under the Adults with Incapacity (Scotland) Act 2000, the overseeing body for which is the Office of the Public Guardian in Scotland. Under the regulations, there is a route for sharing with the public guardian in all cases in which a power of attorney holder is involved with a client, whether they are the person who is accused of financial abuse or whether someone else is potentially causing the harm that requires the referral. The exact intricacies of who would be informed would depend on the case in hand, but the regulations set out a means of referring matters to the Office of the Public Guardian and the local authority. That will provide for individual situations.

Depending on the exact circumstances, that will provide a method of getting that information to a relevant authority, which will then carry out further investigations and take any further actions as appropriate. The regulations essentially provide a power to share with a relevant authority. It will be for that authority to use its own legislation and powers to carry out the investigation in more detail, depending on what is required. I hope that that makes sense.

Okay. Thank you.

I invite Katy Clark to ask her questions.

The regulations apply to

“a person with whom they”—

that is, Social Security Scotland—

“come into contact”.

Who, other than clients, would the organisation come into contact with? How would those people be informed about the use of their information?

It might be best if I give an example. In a situation in which an application is being made for child disability payment, contact will clearly have been made with a parent or carer, and a member of our local delivery team might have genuine concerns not necessarily about the child but about the parent or carer. There might be, say, mental health concerns of whatever kind, or a fear that there is domestic abuse. It is very important that, when we talk about dignity, fairness and respect, we apply those things not just to the client but to everybody whom the agency comes into contact with. In that example, the local delivery staff member will be able to come back and go through the processes that we have talked about in order to assist the carer or parent who might be in difficulty, even though they are not technically the client. Perhaps such examples help to bring out the importance of looking at the situation that presents itself to a member of staff as they are going through a case.

Can you say any more about how that information will be used and how the person will be informed? What will be the processes in that respect? Will they be similar to what you have just outlined?

Indeed—they would be the same types of processes. There will be an attempt to achieve consent, but if, for the reasons that we have gone into already, such consent is not appropriate or cannot be given, what we are talking about can still be done.

Thank you.

Roz McCall has a question.

I apologise for this, cabinet secretary, but I want to go back to Mr Mason’s question about how clients will be informed. According to your initial answer, everybody signs up to the initial agreement that there will be information sharing, but the fact is that many people who are in circumstances of stress will agree to a lot of things without fully understanding what they actually mean. In cases in which there can be no explicit consent because of the circumstances that have already been highlighted, how will the individual know that all this is happening, in effect, in the background?

They may not know that a safeguarding concern has been raised and delivered to the local authority or the Office of the Public Guardian. As Camilo Arredondo pointed out, it will be up to those organisations to deal with that as they usually would. Again, that is specifically about allowing a member of the agency’s staff to ensure that any concerns that they have are dealt with in an appropriate process within the agency. There is the legal ability for a concern to be handed over to the relevant authority, which can then use its own powers and usual manner of investigation to look into it. It would be for those authorities to determine what to do with that information and how to deal with the individual concerned.

Again, please excuse my ignorance on this, but we could have a situation in which the first thing that the client knows is when somebody from social work turns up at the door.

In a case where the agency believes that that is the only way that it can be done, yes. For example, the agency may fear that it would make the harm worse and allow a perpetrator of abuse to have more power and control, or more avenues for abuse, if the information is handled in another way. There is a sensitivity around dealing with the information and obtaining consent while also being very careful about how that is done. If it is not done sensitively, that could make an exceptionally difficult situation a lot worse.

Paul O’Kane is next.

Good morning, cabinet secretary. We have probably covered some of this, but are there other situations in which explicit consent would not be given but the information would be shared? I am thinking about some of the existing adult or child protection legislation and about interventions that may have to be made with other relevant authorities even though someone has not explicitly given their consent, in order to protect the public.

Consent is not required where a person lacks capacity to act. An example that might be helpful is referrals to the Office of the Public Guardian where people are covered by the Adults with Incapacity (Scotland) Act 2000. As I mentioned, they cannot give consent.

I have probably touched on the other areas in previous answers. As I said, the regulations provide exemptions to allow for the sharing of information specifically where it is felt that there is “reasonable cause” to suspect that the individual is at risk of harm. That is the important aspect that we always come back to in this respect. I hope that that provides another example of how such a matter would be dealt with.

I invite Marie McNair to conclude our questioning.

Thank you, convener, but I believe that my question was covered in the cabinet secretary’s opening remarks.

Okay. We move to agenda item 4, which is formal consideration of motion S6M-11172.

Motion moved,

That the Social Justice and Social Security Committee recommends that the Social Security Information-sharing (Scotland) Amendment Regulations 2024 [draft] be approved.—[Shirley-Anne Somerville]

I invite contributions from members.

The regulations are definitely a step in the right direction. There is potentially a problem with financial abuse, and anything that we can do to tighten up the system and protect people is very much to be welcomed.

Does anyone else want to comment?

I am totally behind the understanding that underpins the change, and I think that it is important. I will always have a concern that the individual or the client may, in a lot of cases, be circumvented in certain ways. I accept whole-heartedly the attempt to move forward, and it is important that we do so, but there will always be a little question mark at the back of my mind, as the individual still needs to be at the heart of everything that we do.

I invite the cabinet secretary to sum up and respond to the debate.

10:30  

I have very little to add, convener. To respond to Roz McCall’s point, I note that the set of regulations is an attempt to ensure that the individual remains at the heart of everything that we do. The existence of a threat of harm to an individual is the reason why we would take the approach, which we recognise is a very serious step, of using the regulations. I hope that I can reassure Roz McCall that the intent is to ensure that we protect some of the most vulnerable people in our society, some of whom, simply because of their circumstances, may not be able to give their explicit consent. The reason why we are seeking to make the regulations is very much based on the need to protect those individuals.

The question is, that motion S6M-11172, in the name of Shirley-Anne Somerville, be agreed to.

Motion agreed to,

That the Social Justice and Social Security Committee recommends that the Social Security Information-sharing (Scotland) Amendment Regulations 2024 [draft] be approved.

The committee will report on the outcome in due course. I invite the committee to delegate to me, as convener, authority to approve a draft of the report for publication. Do members agree to do so?

Members indicated agreement.

I thank the cabinet secretary and her officials. That concludes our public business. We will move into private session to consider our remaining agenda items.

10:31 Meeting continued in private until 11:01.