Children's Social Care: Local Authority Designated Officer (LADO)

Privacy Notice

Why do we collect and use this information?

Hampshire County Council is the Data Controller for the purpose of collecting and using personal information in order to carry out our statutory functions around co-ordinating the response to concerns that an adult who works with children may have caused them or could cause them harm. This work is undertaken by the Local Authority Designated Officer (LADO).

We collect information about you in order to comply with this statutory duty and specifically to:

  • process enquires from professionals unsure of how to report the concerns may have for a particular adult working with children and advise them appropriately;
  • process referrals received from members of the public or professional organisations regarding concerns about adults working with children;
  • based on information and evidence provided undertake an assessment of the risk the adult working with children poses;
  • correspond with relevant members of the public, relevant agencies and the adult working with children to assess the risk;
  • provide the children and the family of the children affected by the behaviour of the adult with the appropriate support where necessary;
  • correspond with relevant agencies and the adult working with children to assess the risk;
  • undertake multi-agency strategy meetings to review the allegations or complaints made;
  • make referrals to professional bodies where appropriate to further investigate the claims and take necessary action;
  • assess the quality of our services;
  • evaluate and improve our services and policies on children’s social care in relation to adults working with children;
  • ensure compliance with our obligations under the accuracy principle of the General Data Protection Regulation (Article (5)(1)(d)), making sure our records about you and your family are up to date.

The following sections provide further detail around the information we process setting out what allows us to do this (lawful basis), who we may share it with, how long we keep it for (the retention period), alongside identifying any rights you may have and who to contact if you think we're not handling your information in the right way.

The categories of information that we collect, hold and share

The following personal and special category information may be processed as part of the LADO's involvement:

  • Your personal information which may include - your name, date of birth, the organisation you work for and the role you undertake at that organisation, address, date of birth, phone numbers, email address). Information about your characteristics may also need to be considered such as ethnicity, gender, religion, language I appropriate to the investigation being undertaken.
  • Your child’s personal information (such as name, date of birth) and information about their characteristics such as gender, religion, ethnicity if applicable; and
  • Information from professionals and agencies about you, your child or your family in support of any investigation.

The lawful basis on which we use this information

We collect and use the information ensuring that we comply with the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA2018) requirements for processing through:

  • Article 6(1)(e) – the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
  • Article 9(2) (g) – Necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures
  • Sch.1, Pt.2, 1 – Substantial public interest conditions, for processing under the Data Protection Act 2018

These articles under the UK GDPR and DPA2018 are supported by the following specific legislation:

  • Paragraph 4, Chapter 2 of the statutory guidance Working Together to Safeguard Children (2018);
  • Section 11 of the Children’s Act 2004
  • Sections 17 of the Children Act 1989

Under this lawful basis we do not require your consent to process information provided to us but we are required, through this privacy notice, to ensure you are fully informed of why we are collecting this information and what we will do with it.

Please note that no automated decision making (decisions taken without a person involved) occurs for any parts of these activities controlled by the County Council. The County Council does use profiling as part of the service but only as established under the statutory process.

Storing and securing data

The information provided to us will be held within the County Council’s Children’s Social Care Case Management System (CMS). The information held within our Children’s Social Care CMS will be kept in line with our retention schedule and then disposed of as appropriate. Our Children’s Social Care CMS is hosted by the County Council in secure data centres based in the UK. No information leaves the European Economic Area (EEA).

Forms sent electronically (paper forms will be scanned to create an electronic record) will be stored within the County Council’s Document Management System (DMS), with any paper versions being destroyed. The file will be linked to the record created in our Children’s Social Care CMS by the use of a reference identifier. The information held within the County Council’s DMS will be kept in line with our retention schedule and then deleted as appropriate. The County Council’s DMS is hosted by the County Council in secure UK based data centres, which are on site. No information leaves the European Economic Area (EEA).

The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure the personal data held is:

  • prevented from being accidentally or deliberately compromised
  • accessed, altered, disclosed or deleted only by those authorised to do so
  • accurate and complete in relation to why we are processing it
  • continually accessible and usable with daily backups
  • protected by levels of security 'appropriate' to the risks presented by our processing

The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.

Who do we share information with?

We do not share information with anyone unless there is a lawful basis that allows us to do so. Any information shared will be done so on the basis that it is necessary, relevant and proportional for the task being undertaken.

When undertaking the assessment, we are required by law to contact a range of professionals and agencies to provide information in order to make a full assessment of the adult working with children. We will only contact those services necessary, relevant and proportional to your individual circumstances but this could include:

  • Other local authorities or District Council’s within Hampshire;
  • NHS organisations, including the NHS England and clinical commissioning groups, NHS Trusts and NHS Foundation Trusts;
  • the police, including police and crime commissioners and the chief officer of each police force in England and the Mayor’s Office for Policing and Crime in London;
  • Hampshire Safeguarding Children Partnership;
  • Voluntary agencies;
  • Disclosure and Barring Service;
  • Social Work England;
  • The governing bodies, management committees/teams or proprietors of educational establishments and early years education and childcare providers;

Requesting access to your personal data and your rights

Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information, or someone you have responsibility for, please contact the Children's Services Department's Subject Access Request (SAR) Team.

You also have the right to:

  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by solely automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
  • claim compensation for damages caused by a breach of the Data Protection regulations

Please note that under the GDPR, there is also a right to erasure but the right to erasure does not provide an absolute ‘right to be forgotten’. Where the data being processed is for the purpose of ‘performing a task in the public interest or for our official functions, and the task or function has a clear basis in law’ (Article 6(1)(e))’, this right does not automatically apply.

Contact Details

If you would like more information about these services please visit our website

Further information

The above information is the specific privacy notice for this service. For more information about your rights in relation to your personal data, see the County Council’s general privacy notice.

You have some legal rights in respect of the personal information we collect from you. See our Data Protection page for further details.

You can contact the County Council’s Data Protection Officer by email [email protected].

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office.