Anti-Social Behaviour Risk Assessment Conference (ASBRAC) Information Sharing Agreement

Transcription

1 Anti-Social Behaviour Risk Assessment Conference (ASBRAC) Information Sharing Agreement INFORMATION SHARING AGREEMENT (ISA) BETWEEN ACIS Addaction Boston Borough Council Boston Mayflower City of Lincoln Council East Lindsey District Council Humberside, Lincolnshire and North Yorkshire Community Rehabilitation Company Ltd Lincolnshire County Council Families Working Together Lincolnshire County Council Children s Services Lincolnshire County Council Child/Adult Safeguarding Lincolnshire County Council Youth Offending Service Lincolnshire Partnership Foundation Trust Lincolnshire Police Lincolnshire Fire and Rescue Longhurst & Havelok Homes North Kesteven District Council South Holland District Council South Kesteven District Council St Barnabas Hospice Victim Support

2 VoiceAbility Waterloo Housing West Lindsey District Council Document Control Information Document Name Anti-Social Behaviour Risk Assessment Conference (ASBRAC) Version V1.2 Status Draft Issued by Corporate Information Governance First Issue date 1 st July 2014 Approved by Lucy Chapman Approval date 16 th December 2014 Revision History Revision Date Next Revision Due Summary of changes 03/07/ months after implementation. Minor amendment made to the ASBRAC ISA at the request of the Lincolnshire Partnership Foundation Trust. Sentence added to section 7 and Appendix 3 added. 1.0 Organisations 1.1 This Information Sharing Agreement is drawn up between: ACIS - ACIS Group Ltd., ACIS House, Bridge Street, Gainsborough, Lincs, DN21 1GG Addaction The New Avenue, Newland, Lincoln, LN1 1XG Boston Borough Council - Municipal Buildings, West Street, Boston, PE21 8QR Boston Mayflower - Chantry House, 3 Lincoln Lane, Boston, Lincolnshire, PE21 8RU City of Lincoln Council - City Hall, Beaumont Fee, Lincoln, Lincs, LN1 1DD East Lindsey District Council - Tedder Hall, Manby Park, Louth, Lincs, LN11 8UP Humberside, Lincolnshire and North Yorkshire Community Rehabilitation Company Ltd 8 Corporation Street, Lincoln, LN2 1HN Lincolnshire County Council - County Offices, Newland, Lincoln, Lincolnshire, LN1 1YL Lincolnshire County Council Families Working Together Rauceby Terrace, Lincoln, LN1 1YL Lincolnshire County Council Children s Services - Orchard House, Orchard Street Lincolnshire County Council Child/Adult Safeguarding - Orchard House, Orchard Street Lincolnshire County Council Youth Offending Service - Witham Park House, Waterside South, Lincoln, LN5 7JN

3 Lincolnshire Partnership NHS Foundation Trust - Trust HQ, Unit 8, The Point, Lions Way, Sleaford, Lincs NG34 8GG Lincolnshire Police - Lincolnshire Police, PO Box 999, Lincoln, Lincs, LN5 7PH Lincolnshire Fire and Rescue Lincolnshire Fire and Rescue Headquarters, South Park Avenue, Lincoln, LN5 8EL Longhurst & Havelok Homes - Leverett House, Gilbert Drive, Endeavour Park, Boston, Lincs, PE21 7PQ North Kesteven District Council - District Council Offices, Kesteven Street, Sleaford, Lincs, NG34 7EF South Holland District Council - Council Offices, Priory Road, Spalding, Lincs, PE11 2XE South Kesteven District Council - Council Offices, St Peter's Hill, Grantham, NG31 6PZ St Barnabas Hospice - Specialist Palliative Care Unit, 36, Nettleham Road, Lincoln LN2 1RE Victim Support 16 Melville Street, Lincoln, LN5 7BW VoiceAbility - Total Voice Lincolnshire, 5 Saxilby Enterprise Park, Skellingthorpe Road, Lincoln, LN1 2LR Waterloo Housing Group - Keily House, Gresley Road, Louth Lincs, LN11 8FG West Lindsey District Council - Guildhall, Marshall's Yard, Gainsborough, Lincs, DN21 2NA 1.2 This Information Sharing Agreement is a live document and will be updated and amended to include relevant Partner Agencies as they join, or leave, the agreement. Further signatories will be added after agreeing to the terms and conditions of this agreement and signing Appendix In exceptional circumstances agencies who have not signed up to this agreement may attend a meeting if they are required to support the ASBRAC procedure and a legal gate-way for sharing personal data has been established. Organisations not signed up to this agreement may only attend if those agencies signed up to this ISA in attendance at the meeting allow them to do so. Considerations should then be given as to whether the agency in attendance but not signed up to the agreement should be added as a partner to this document and sign up via Appendix 2. Where possible only representatives who have information to be shared relating to the named individuals should be present at the part of the meeting and when that information is shared. 2.0 Aim of the agreement The aim of this Agreement is to provide a framework for partner organisations who need to share personal data and to establish and regulate working practices between partner organisations. The Agreement also provides guidance to ensure the secure transfer of information, and that information shared is for justifiable need to know purposes. This ISA should be read in conjunction with the following documents: Anti-Social Behaviour Risk Assessment Conference (ASBRAC): Guidance and Operating Procedures. Sentinel Information Sharing Agreement Lincolnshire Community Safety Partnership Information Sharing Agreement Safer Housing Partnership Information Sharing Agreements. 3.0 ASBRAC Aims:

4 The ASBRAC process brings local agencies together to address the needs of ASB victims, perpetrators and locations that have been identified most at risk of harm or causing harm. It provides a multi-agency meeting to consider and address the most complex and high risk cases and applies the most appropriate means of intervention. The aims of the ASBRAC are: To identify and reduce the harm of high risk and vulnerable victims of ASB. To share information in order to increase the safety, health and well-being of victims. To identify and manage ASB hotspot locations. To identify and take appropriate action against repeat or high risk perpetrators of ASB. To jointly construct and implement a risk management plan providing professional support to all those identified as at risk and reduce and/or manage the risk of harm. To improve agency accountability. To improve support for staff involved in high risk ASB cases by using a multi-agency approach. 4.0 Data required Due to the nature of the ASBRAC meetings it is not possible to provide an exhaustive list of the types of information that may be disclosed during a meeting. However, in order to ensure that the ASBRAC meetings fulfil their aims to reduce harm associated with anti-social behaviour, it is essential that all relevant information relating to the data subject or locality is disclosed. The types of information that may be shared in relation to high risk victims of ASB include: Information relating to their personal circumstances, which may affect their vulnerability: o mental health issues, o learning/physical disabilities, o family network, o living environment. How the ASB is effecting the data subject: o physically, o mentally, o emotionally. Support mechanisms already in place o carer, o family support worker. Previous complaints of ASB related to the case. The types of information that may be shared in relation to prolific perpetrators of ASB include: Disposal history (linked to ASB or an associated crime), Personal circumstances:

5 o drug abuse, o alcohol abuse, o homelessness, o mental health issues, o learning disability. Support mechanisms currently in place: o support worker, o seeking drug/alcohol treatment, o engaging with homelessness services. 5.0 Power(s) This agreement fulfils the requirements of the following: The Crime and Disorder Act 1998 (section 115); Common Law Powers of Disclosure; The Rehabilitation of Offenders Act 1974; The Human Rights Act 1998 (article 8); The Data Protection Act 1998 (sections 29(3) & 35(2). Children Act 1989 The Housing Act 1988 The Housing Act 1996 Housing Act 2004 Anti-social behaviour, Crime and Policing Act 2014 Equality Act 2010 Police Reform Act 2002 Localism Act 2013 The Criminal Justice Act 2003 Police and Criminal Evidence Act General Process 6.1 This agreement has been formulated to facilitate the exchange of information between partners. It is, however, incumbent on all partners to recognise that any information shared must be justified on the merits of each case. 6.2 The sharing of personal data requires careful judgement in which the identified need to disclose information must be considered against relevant issues dictated under Data Protection and Human Rights legislation. Information shared through this agreement must be accurate, necessary and proportionate. Accurate: All information must be accurate and relevant to the purpose for which it is being shared with proper reference made to the nature of the source and the intelligence itself. Necessary: The necessity to share information between the Partner Organisations is to effectively deal with issues concerning the prevention, detection, investigation and prosecution of those persons engaged in criminal activity and/or anti-social behaviour, and an on-going responsibility to protect public safety.

6 Proportionate: In considering whether to share personal information all parties have a duty to ensure that a fair balance is achieved between the protection of an individuals rights and the general interests of society. In judging whether it is appropriate to share such information Partner Agencies will examine whether the identified purpose infringes upon the subject s right to privacy, the appropriate measures to meet the purpose are both fair and rational and also that the means used are no more than is necessary to accomplish the purpose. 6.3 Information Exchange Information Exchange relates to a physical exchange of data between one or more individuals or agencies. Advice from the Information Commissioner indicates that public authorities may exchange data, provided that: They have notified their intention to do so That the process of exchange is in accordance with the Data Protection Act, in particular the eight principles forming Part 1 of Schedule 1 There is a statutory or common law power to do so. 6.4 Fair Processing. The Data Protection Act requires the fair processing of information unless an exemption applies. In particular, fairness involves being open with people about how their information is used. Partner Organisation should have a fair processing notice or a privacy notice that is accessible to the public which states how the information may be processed and shared. This Information will be made publically available on Lincolnshire Polices website. The most likely exemption from the fairness requirement is sharing personal data for the prevention and detection of crime and disorder, where the disclosure of that fact would be likely to prejudice the investigation. In the majority of cases information shared through this agreement will be processed fairly by informing the data subject of the originating organisations intention to share their information. This can be done when the requesting organisation seeks explicit consent from the data subject for the sharing of their personal data. 6.5 Reasons for Information Exchange The processing and analysis of information and where appropriate, intelligence, is essential for identifying and limiting the activities of those committing crime and disorder along with the associated problems which adversely affect community safety and the quality of life. 6.6 The exchange of appropriate information is fundamental to the success of any strategy implemented for the purposes of reducing crime and disorder. 6.7 The opportunities for information exchange therefore: Assist strategic and tactical planning to disrupt crime. Assist Crime and Disorder partnerships to implement the provisions of the Crime and Disorder Act 1998 and other subsequent legislation. Assist agencies to exchange information where a power exists to do so, in accordance with the Data Protection Act the Human Rights Act and any other relevant legislation. 6.8 Benefits of information exchange The benefits of appropriate information exchange are: Better informed decision making and partnership working

7 Enhanced inter-agency relationships Improved profiling of crime and disorder activity thus allowing a more effective targeting of resources. Reduction of Crime and Disorder throughout Lincolnshire. Effective monitoring and evaluation of all community safety initiatives 7.0 Specific Procedures 7.1 The process used to share information for the ASBRAC is as follows: Agency identifies a high risk victim, perpetrator or location of anti social behaviour using a risk assessment process. A case is created on Sentinel (ASB Case Management System) if it is not already recorded on the system (Registered Social Landlords will only do this with the victims consent). The agency completes the appropriate ASBRAC referral form (dependant on whether the referral is for a victim, perpetrator or location) and attaches it to the Sentinel case. The referring agency must seek consent from a victim in order to submit a referral. If consent is refused the agency can consider overriding this decision. If this agreed an information sharing without consent form must be completed and attached to Sentinel. If consent is not overridden a referral to ASBRAC cannot be submitted. Agency sends a copy of the referral to the ASBRAC Co-ordinator via secure to be included on the agenda. 7 days prior to the meeting the ASBRAC Co-ordinator will circulate the agenda, which includes a copy of each ASBRAC referral form, to all members of the ASBRAC. This will be done by secure only. For Lincolnshire Partnership NHS Foundation Trust (LPFT) this will be sent to the Records Management Team as per the ASBRAC information sharing protocol for LPFT (Appendix 3). Members will be asked to view the referrals due for discussion and research their own records in preparation for the meeting. On arrival at the meeting all members will complete a signing in sheet. The ASBRAC Chair will open the meeting with the Confidentiality Statement. Each referral will be discussed individually. Each agency will be asked by the Chair to share any information they have related to the case. During the meeting the ASBRAC Co-ordinator will input the minutes and any agreed actions directly onto the case working sheet on Sentinel. No less than 5 days after the meeting a copy of the minutes and actions will be circulated to all members (via secure ). All actions are to be completed by the agreed deadline and the Sentinel case updated. Agencies without access to Sentinel will inform the lead agency who will update the case on their behalf. 8.0 Specific Conditions

8 Security 8.1 Partner agencies should establish common rules for shared data security, in order to ensure compliance with the Data Protection Act. As best practice the disclosing organisation should make sure that any personal information they disclose will continue to be protected by ensuring that the recipient organisation has adequate security measures in place. 8.2 As part of Lincolnshire Police s responsibility regarding the data they process/control, the security guidance within this document should be agreed to and signed up to by all the parties involved within this agreement. However, it must be noted that the recipient agency/ies has legal responsibility for any information that has been shared as a result of this information sharing agreement, this includes its security. 8.3 Agencies that have adequate security measures in place to ensure compliance with the Data Protection Act should apply their own security procedures to any shared information. 8.5 Security Guidance It is essential that the participating agencies provide personal or other sensitive information only to specific individuals authorised to receive it. The transfer, use, storage and retention of the information by each participating agency must comply with the Data Protection Act, and should comply with the security requirements stipulated within this agreement. Any additional security requirements that an agency wishes to specify must be done so in agreement with all parties involved within this document. 8.6 General Principles Ensuring that personal information is protected against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access is the seventh principle of the Data Protection Act Partners should ensure they have appropriate security in place and arrangements to monitor these. A key issue, especially for electronic documentation, is the consistent use of encryption and secure information exchange. Unguarded exchange of personal information may not only infringe the rights of the individual subject or others that may be identifiable from the information, but also compromise the organisations sharing information or jeopardise any proceedings or legal measure based upon that information. With remote working there is an issue about storing personalised information on flash drives/memory sticks and of encryption. Partners sharing personal information are responsible for ensuring laptops, drive or removable electronic media containing personal information used for remote working are encrypted, and have Home Office approved levels of security. To comply with national guidance encryption should be at least 256 bit. Recent Home Office guidance with respect to third party suppliers suggests that: a) No unencrypted laptops or drives or removable electronic media containing personal information should be taken outside office premises. b) No transferring of any protected personal information from Home Office approved systems to third party suppliers owned laptops, PCs, USB keys, external drives and any other electronic media is permitted. 8.7 Secure Information Exchange Personal data should only be transferred via when both the disclosing and recipient organisation utilise a secure address.

9 Electronic exchange can be the most secure and auditable means of exchanging information provided this is done using suitable secure technology. Standard , even with encryption, is not generally sufficiently secure to protect personal information. Personal information should only be exchanged electronically using a secure messaging system. Attendees at meetings where personal data is discussed must also ensure that controls applied to agenda and minute documents are as secure as those used for requesting and securing personal information, since these will often name the individuals being considered and contain elements of the information contributory to the decision making process. Records of meetings and personal information must be subject to the principles set out in the ISA, particularly in relation to purpose and retention. If a recipient organisation wishes to remove shared information from their premises, they must ensure that the information is kept secure at all times, must not be made available to individuals who are not authorised to see it, and must only be used for the purposes specified within the Information Sharing Agreement 8.8 Sharing information securely It is important that information is shared securely. Those who receive personal data should take appropriate measures to protect the data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful forms of processing. This includes when data is being shared and stored both electronically and manually (e.g. paper). All designated Officers who have access to personal data should have been assessed for reliability in line with the employer s requirements for the role, for example Disclosure and Barring Scheme (DBS) checks. A greater degree of staff vetting and/or training is needed where there is a greater importance that relevant data be secure. The information Commissioner has issued the following guidelines concerning obligations for agencies: a) Does the data controller have a security policy setting out management commitment to information security within the organisation? b) Is the responsibility for the organisations security policy clearly placed on a particular person or department? c) Are sufficient resources and facilities made availability to enable that responsibility to be fulfilled? Shared information should be stored securely, and if no statutory guidance dictates otherwise the recipient organisation should destroy the information when it is no longer needed for the purpose for which it was provided. If an organisation does not have the means to securely destroy shared information, they should consider returning the data to the originating organisation for destruction. 8.9 The Government Protective Marking Scheme (GPMS) The Government Protective Marking Scheme is applied to data held by Lincolnshire Police. In order to ensure that the same protection is afforded to Lincolnshire Police data once it has been disclosed to a partner agency, the partner organisation should handle, store and delete police data according to the Government Protective Marking Scheme. Appendix 1 provides further guidance on the GPMS.

10 Organisations that already have security procedures in place that afford data the same protection as the GPMS should apply the same regulations to data disclosed by Lincolnshire Police or any other partner organisation Transmitting information securely When sharing information both the sender and the receiver should deal with the information according to its protective marking. See Appendix 1 for handling requirements in line with protective marking. Secure Lincolnshire Police documents must display the Protective marking at the top and bottom of the relevant text or attachments. Insecure should not be used for any personalised information. The below secure addresses may be used for information protectively marked up to and including RESTRICTED: a) CJSM b) PNN c) GSI d) GSX e) NHS.net f) GCSX g) MOD Criminal Justice Secure When using CJSM.net it is important to remember to correctly align the suffix for secure information exchange as outlined below. Organisation Normal Suffix suffix for secure sharing with Government Connect Government Connect is a pan-government programme providing an accredited and secure network between central government and every local authority in England and Wales. The network is known as GCSX (Government Connect Secure Extranet). GCSX is part of the wider Government Secure Intranet (Gsi) and provides connectivity to nearly all central departments. GCSX provides secure access form connected Local Authorities to many other secure networks such as: Government Secure Extranet (GSX) Government Secure Intranet (Gsi) National Health Service (NHS) Criminal Justice Extranet (CJX) Police National Network (pnn)

11 9.0 Constraints on the use of the information 9. 1 If an agency wishes to disclose shared information to a third party, as best practice the agency should seek written consent from the agency that provided the information. If a statutory requirement for disclosure exists then consent for further disclosure is not required. Any agency must ensure that all principles of the Data Protection Act are adhered to. Therefore, if an agency makes a further disclosure to a third party they must ensure that the sharing of personal data is not processed in any manner incompatible with the purpose/s it was obtained for. 9.2 As best practise all information shared is only valid at the time of provision, and should only be used for the purpose as requested. However, once information has been uploaded onto the Sentinel system all organisations that have access to Sentinel become the Joint Data Controllers for the shared information therefore the information may be used for subsequent investigations, if it is being used for a purpose that is compatible with the purpose for which it was obtained, i.e. prevention and detection of crime and disorder. For those organisations that do not have access to the Sentinel system the recipient organisation becomes the Data Controller for the shared information. Therefore, the information may be used for subsequent investigations by these organisations, if it is being used for a purpose that is compatible with the purpose for which it was obtained, i.e. prevention and detection of crime and disorder. 9.3 Disclosures Disclosures of information and in particular, personal data are bound to both common and statute law in particular, but not restricted to the following: The Common Law Duty of Confidentiality The Data Protection Act 1998 The Human Rights Act 1998 Any disclosure of personal data must have regard to both common and statute law. For example, defamation, the common law duty of confidence and the data protection principles. Consideration should always be given to alternative powers that exist for the purposes of data disclosure: 9.4 Consent Many of the Data Protection issues in relation to disclosure can be avoided if the consent of the individual has been sought and obtained. Consent must be freely given after the alternatives and consequences are made clear to the person from whom permission is being sought. This will be considered to be informed consent. For the purposes of this agreement, the term sensitive, where applied to data refers to the categories of data termed sensitive within the Data Protection Act Witnesses, Victims and Complainants Extreme care and careful consideration should be taken where the disclosure of information includes details of witnesses, victims or complainants. The general rule is that information

12 such as described by witnesses, victims or complainants should not be disclosed without first obtaining fully informed, specific and explicit consent from the individual concerned. In all such cases, advice should be sought from the legal department, Information Sharing Officer and/or Data Protection Officer. 9.6 On-going Investigations If there is an on-going investigation which is sensitive or of which the offender is not yet aware of the police investigation the officer in the case will be consulted prior to any dissemination to ensure there is no prejudice to the on-going investigation or subsequent court proceedings. A case involving safeguarding issues, which require an urgent disclosure to protect any individual, should receive priority attention. In the event of a dispute, the views of the officer in the case will prevail Subject Access and Freedom of Information 10.1 Subject Access Subject Access is an individual s right to have a copy of information relating to them which is processed by an organisation. For the purposes of section 7 of the DPA all Parties to this agreement that have access to Sentinel are Joint Data Controllers. This means that the Joint Data Controller to whom a request has been made has a statutory duty to comply with section 7 of the DPA and all relevant information held on Sentinel is disclosable, unless an exemption applies. It is good practise for the disclosing organisation to contact the organisation that originally collected and inputted the data on to the Sentinel system. This enables the originating organisation to advise the use of any statutory exemptions that may need to be applied prior to disclosure to the requesting individual. Communication should take place speedily thus allowing the servicing of the request to take place within the Statutory 40 calendar day, time period Freedom of Information If a party receives a request for information under the Freedom of Information (FOI) Act [2000] that relates to data that has been disclosed for the purposes of this ISA, it is best practice to seek advice from the originating organisation prior to release. This allows the originating organisation to rely on any statutory exemption under the provisions of the FOI Act and to identify any perceived harms. However, the decision to release data under the FOI Act is the responsibility of the agency that received the request. Lincolnshire Police Information Sharing Agreements are made publicly available on the force website Review, Retention and Deletion The recipient of the information is required to keep it securely stored and when it is no longer required for the purpose for which it was requested, will safely dispose of it. In order to ensure compliance with the Data Protection Act, data should be kept no longer than is necessary, retention periods may vary between organisations. In accordance, with the Management of Police Information (MoPI) and the Limitations Act [1980] Lincolnshire Police will retain copies of the requests and responses for 6 years.

13 The original police data source will be deleted when it is no longer useful for a policing purpose, this will be done in line with Lincolnshire Polices Review, Retention and Disposal policies which are governed by MoPI guidelines. Partner agencies should retain the shared information in accordance with statutory guidelines and internal policies. If no statutory guidance exists for the retention and deletion of data, information should be held in accordance with the fourth and fifth principle of the DPA Breach of Conditions 12.1 Complaints and breaches to this agreement should be dealt with by utilising any established agency policies and procedures for breaches and complaints made in relation to appropriate legislation in connection with the agreed information exchange and data processing Any disclosure of information by an employee, which is done in bad faith or for motives for personal gain, will be the subject of an investigation and be treated as a serious matter. Each party will be accountable for any misuse of the information supplied to it and the consequences of such misuse by its employees, servants or agents All agencies are reminded of the Data Protection Act Principles and Section 55 and Section 61 Offences It is the responsibility of all parties to notify the other party of any known breach or infringement immediately and remedial action must be agreed and actioned by all relevant agencies concerned Major breaches may result in this agreement being temporarily suspended or withdrawn completely Review of the Information Sharing Agreement This Information Sharing Agreement will be reviewed six months after its implementation and annually thereafter. The nominated holder of this agreement is Lincolnshire Police. It is based on the national template for Information Sharing which forms part of the guidance issued on the Management of Police Information by the Association of Chief Police Officers (ACPO) and the Home Office Disclaimer The Information Provider disclaims all liability to the data recipient in connection with the data recipient's use of data supplied under this agreement and shall not, under any circumstances, be responsible for any special, indirect or consequential loss or damages including but not limited to loss of profits arising from the use of the data by the data recipient Signature

14 15.1 By signing this agreement, all signatories accept responsibility for its execution and agree to ensure that staff are trained so that requests for information and the process of sharing itself is sufficient to meet the purposes of this agreement Signatories must also ensure that they comply with all relevant legislation It is the responsibility of all signatories to ensure that: Realistic expectations prevail from the outset. Professional, ethical standards are maintained. The Data Protection Principles are upheld. The information exchanged is kept secure and confidentiality is maintained as appropriate to the information s level of protective marking as defined by the Data Controller. A mechanism exists by which the flow of information can be controlled. Appropriate staff training is provided on this agreement Adequate arrangements exist to test adherence to the agreement. Signed on behalf of Lincolnshire Police Signed on behalf of ACIS Signed on behalf of Addaction. Signed on behalf of Boston Borough Council.

15 Signed on behalf of Boston Mayflower. Signed on behalf of City of Lincoln Council. Signed on behalf of East Lindsey District Council. Signed on behalf of Humberside, Lincolnshire and North Yorkshire Community Rehabilitation Company Ltd. Signed on behalf of Lincolnshire County Council Families Working Together.

16 Signed on behalf of Lincolnshire County Council Children s Services. Signed on behalf of Lincolnshire County Council Child/Adult Safeguarding. Signed on behalf of Lincolnshire County Council Youth Offending Service. Signed on behalf of Lincolnshire Partnership Foundation Trust. Signed on behalf of Lincolnshire Fire and

17 Rescue. Signed on behalf of Longhurst & Havelok Homes. Signed on behalf of North Kesteven District Council. Signed on behalf of South Holland District Council. Signed on behalf of South Kesteven District Council.

18 Signed on behalf of St Barnabas Hospice Signed on behalf of Victim Support. Signed on behalf of VoiceAbility. Signed on behalf of Waterloo Housing. Signed on behalf of West Lindsey District Council.

19 Appendix 1 SENSITIVE DOCUMENTS SUPPLIED BY LINCOLNSHIRE POLICE SECURITY REQUIREMENTS Some of the electronic or hardcopy documents that you receive from Lincolnshire Police will contain sensitive or personal information. These documents will be provided to you on the understanding that you apply the protective measures described below. GENERAL REQUIREMENTS You must only use the information supplied by Lincolnshire Police for one or more of the following purposes: For the detection or prevention of crime; As specified in an Information Exchange Protocol that has been agreed between your organisation and Lincolnshire Police; For a specific purpose that has been agreed, in writing, by Lincolnshire Police. You may not disclose, copy, or onwardly transmit information provided by Lincolnshire Police without its express, written permission, unless this is permitted within the terms of an Information Exchange Protocol agreed between your organisation and Lincolnshire Police. You may only retain the information for a period of time that will enable you to fulfil the purpose for which it has been has been provided. The information must then either be securely destroyed or returned to Lincolnshire Police as detailed in these instructions. It is your responsibility to contact Lincolnshire Police to establish if any relevant change has occurred since the information was provided to you, and upon which you intend to base any decision or action. PROTECTIVE MARKING & ASSOCIATED HANDLING RULES Documents that contain sensitive information will usually display a protective marking on the top and bottom of each page. This indicates how sensitive the information is, and determines the protective measures that need to be applied to it. The appropriate measures for each marking are shown below.

20 STORAGE OF PAPERS RESTRICTED Protected by one barrier, e.g. a locked container (restricted access) within a secure building. CONFIDENTIAL Protected by two barriers, e.g. a locked container in a locked room (both with restricted access) within a secure building. DISPOSAL OF PAPERS DISPOSAL OF FLOPPY DISKS & CDs MOVEMENT WITHIN YOUR ORGANISATION RETURN TO LINCOLNSHIRE POLICE Shred in a strip or cross-shredder or return to Lincolnshire Police. Keep secure if storing prior to disposal. Dismantle floppy disks. Cut inner disks or CDs into quarters (at least). Dispose with non-restricted waste. By trusted hand OR in a sealed envelope or container with the protective marking & descriptor shown. Include a copy of these instructions inside. By trusted hand in a sealed envelope or container, OR by recorded delivery or courier service in a sealed envelope with no protective marking or descriptor shown (other than PERSONAL or PRIVATE), & addressed to an individual by name or appointment. Shred in a cross-shredder or return to Lincolnshire Police. Keep secure if storing prior to disposal. Dismantle floppy disks. Cut inner disks or CDs into quarters (at least). Dispose with non-restricted waste. By trusted hand OR in a sealed envelope or container with the protective marking & descriptor shown. Include a copy of these instructions inside. By trusted hand in a sealed envelope or container, OR by Special delivery or courier service in a sealed envelope using double envelopes, both fully addressed but with the protective marking shown on the inner envelope only. Provide a return address on the outer envelope.

21 Appendix 2 SIGNATORIES TO THIS AGREEMENT I, the undersigned, on behalf of my organisation, agree to the terms of the Anti-Social Behaviour Risk Assessment Conference Information Sharing Agreement. Signed on behalf of Rank/Position: Please retain a copy and send the original to; Information Sharing Officer Information Management Unit Data Protection Lincolnshire Police Police Headquarters PO Box 999 Lincoln Lincolnshire LN5 7PH A list of current signatories can be viewed on the Lincolnshire Police website

22 Appendix 3 ASBRAC information sharing protocol for the Lincolnshire Partnership Foundation Trust (LPFT) An ASBRAC tackles cases that are deemed of such a risk that it is appropriate that partners, at a structured meeting, consider and decide on the required actions to reduce the risk to victims and communities, with a view to delivering a partnership solution. Who will request information for ASBRAC? Police, Local Authorities and Registered Providers. All referrals are submitted to the ASBRAC Co-ordinator for circulation; 7 days prior to the meeting. What information is required? Is the subject (victim or perpetrator of anti-social behaviour) known to LPFT, if known are they still under LPFT care? Any relevant information related to their condition or care plan. How will information be shared? All ASBRAC referrals will be sent directly to LPFT Records Team at Lpn-tr.LPFTRecords@nhs.net with the LPFT CMHT and/or DART Team - Coordinators whom attend ASBRAC copied in. Each referral will be assessed on a case by case basis to ascertain what information can be shared. The Records Team will update the ASBRAC Co-ordinator with their findings. If known to LPFT the CMHT and/or DART Team -Coordinators that attend ASBRAC will provide appropriate information in order to contribute to the discussions and decisions regarding that person.