Access to Records


This chapter should be in conjunction with the Confidentiality Policy.

See also: Access to Birth Records and Adoption Case Records Procedure.


This chapter was updated in June 2023.

1. Rights of Access

The provisions for access to personal information or records held by Merton Council are contained in the Data Protection Act 2018 (Subject Access Requests). Under this legislation, those in respect of whom personal information is held in any form have a right of access to the information. However, some information may need to be redacted or some documents within a file may need to be withheld, if one of the exceptions set out below applies.

The Data Protection Act applies to both paper and manual records and records held electronically. It is important that electronic recording systems comply with the requirements for children and their families to easily find their story in a logical narrative.

The Freedom of Information Act 2000 (Freedom of Information requests) gives people the right to see all types of other non-personal information held by children's services. Local authorities should publicise their access to records policy with clear information about how care leavers and others can apply for their records and access support services.

2. Exemptions

Exceptions to the right to access are:

  1. Where the practice of social work would otherwise be prejudiced because access to the information would be likely to result in serious harm to the person requesting the information or some other person;
  2. Where another person is requesting the information on behalf of the person concerned (for example where the person is a child) with sufficient age and understanding and the request is being made by their guardian) and the information was given in the expectation that it would not be disclosed or person concerned has expressly indicated that the information should not be disclosed to the person making the request;
  3. Adoption Case Records - see Access to Birth Records and Adoption Case Records Procedure.

Also access must also be refused if:

  • To disclose the information would involve disclosure of information about someone else without that person's consent and disclosure cannot be justified without that person's consent; or
  • Where disclosure may prevent the detection or investigation of a crime.

Access can also be refused if an identical or similar request has been received from the same person and already been complied with, unless a reasonable interval has elapsed.

These exceptions do not permit the total withholding of information but only those sections of the material covered by the exceptions. The remainder of the case records should be made available to the service user.

The exceptions do not apply where disclosure is required by a court order.

In addition, a Court may prevent disclosure of information where a person shows that he or she would be caused serious harm to his physical or mental health by the disclosure.

3. Offering an Informal Approach

All staff should encourage on-going and open sharing of information, including providing copies of key documents, with the person concerned.

If a person in receipt of services asks to see a particular document or wants to have information about a particular aspect of the case, the social worker should discuss this with them to see whether the request can be dealt with informally by showing them the relevant part of the file or providing copies of relevant documents.

If data sharing is done informally, it must be done within the legislative framework and confidential information of others should not be shared.

4. Handling Formal Requests for Access

Formal requests for information must in the first instance come to the Information Governance Team within Merton Council. This is because they monitor and report on corporate compliance with the requirements of the Act. Click here for the corporate guidance on handling requests and this must be followed.

This contains a checklist which should be completed for every request you process.

Requests can be made using the request form on the council's website.

Those making a formal request for access to their records should be asked to put the request in writing and contact the allocated social worker if they need to be assisted. The receipt of the written request should be recorded by the social worker on the case file, who must verify the identification of the person making the request. If he or she is not known to the social worker, they will be asked for proof of identity. Children over 12 who have capacity need to give their consent to allow their parents or guardians to access their records. The social worker should always send a copy of the request to the information governance team when it is received.

Prior to access being given, all case records held on the person should be located and collected. All indexes and computer records within the social care information system should be checked within the Department.

The social worker should carefully check the case records in the social care information system to ensure they are complete and maintained in line with the Recording Values and Principles. The child's case file should also be checked to ascertain whether any of the material comes within the exceptions to the rights of access, (see Section 2, Exceptions).

There should be no disclosure of data about other people without their written consent (including other family members).

Consideration should be given where information has been supplied by third party organisations (e.g. police, GP, schools) as there may be exemptions which apply.

A request for copies of information disclosed must be met.

Where the social worker feels the service user requires support/explanation of the service record, an appointment should be made at the earliest opportunity to share the case record with the person making the request, and he or she should be asked to bring appropriate proof of identity.

A social worker should be available to explain the contents of the file, to answer questions and to help the person understand the information recorded.

Where the person making the request has specific needs in relation to language or disability, arrangements must be made to present the information in a suitable manner and to involve approved interpreters as needed.

Interpretative and supportive counselling may be advisable in certain cases using a number of interviews to disclose the information, if the person concerned is willing to proceed in this manner.

5. Timescales

Access must be given to disclosable information within one calendar month of receiving the Subject Access Request and 20 days for Freedom-Of-Information requests. This is a statutory requirement.

6. Applications by Children

Merton Council will support children and young people to access their case files. Generally the age 12 is the age at which a child is considered to have sufficient understanding to make a request. However, cases will be assessed on an individual basis and if a child is younger but has the capacity then this will be considered.

Requests from children should be treated in the same way as requests from adults. A judgement should be made by the social worker as to whether the child making the request for access understands the nature of the request.

Children with disabilities have the same rights as others to have access to information held about them. No assumption should be made about their level of understanding. This should be assessed on an individual basis as with all children.

A child of sufficient understanding should be allowed regular access to information held about him or her, consistent with his or her best interests. He or she should read or be told what has been recorded unless it falls within one of the exceptions set out above.

A child should be encouraged to record his or her own observations on the case record including when there is disagreement about an entry in the file.

In Scotland the law presumes that a child aged over 12 has the capacity to make a subject access request. The presumption does not apply in England and Wales but does suggest an approach that will be reasonable in many cases.

7. Applications by Parents

A parent may make a request on a child's behalf. However, the request must be in the interests of the child, rather than the interests of the parent.

If a parent seeks to have access to his or her child's records, the worker dealing with the request must assess whether the child might be able to request access to the records for him or herself. If this is the case, the worker should check that it is the child's choice for the parent to see the records on his or her behalf. If it is, the child will be asked to confirm this in writing.

Whether or not a child is capable of understanding the request or has consented to the parent making the request, it is important that a parent should only be given access to the information about the child if the worker in consultation with his or her manager is satisfied that the request is made in the child's and not the parent's interest.

Even if a child is unable to understand the implications of a request, the data about them is still their personal data and does not belong to anyone else, such as a parent. It is the child who has the right of access to information held about them, even though, in the case of young children their rights are likely to be exercised for them by people with parental responsibility.

Before responding to a request for access to information held about a child, it should be considered whether the child is mature enough to understand their rights. If they are, their consent should be obtained and they should be responded to rather than the parent. If a worker is unsure about whether a child is able to understand what it means to make a request and how to interpret the information they receive as a result the worker should consider (and can seek assistance from the Information Governance Team).

  • The child's level of maturity and ability to make decisions like this;
  • The nature of the personal data;
  • Any court orders relating to parental responsibility that may apply;
  • Any consequences of allowing those with parental responsibility access to the child's information. This is particularly important if there have been allegations of abuse;
  • Any detriment to the child if people with parental responsibility cannot access this information;
  • Any views the child has on whether their parents should have access to information about them.

In some instances a formal request may be supported by another adult/significant person, who is not the birth parent and this will be considered if this is in the best interests of the child.

8. Applications by Care Leavers

For further information see Children Act 1989 Guidance and Regulations - Volume 3: Planning Transition to Adulthood for Care Leavers, paragraphs 4.21 - 4.37 Access to Records.

When an application has been received from a care leaver, it is important that the request is acknowledged promptly and in writing, or other appropriate forms of communication if required. The care leaver should be informed about the process and procedure, timescales for dealing with such requests and the services that the authority is able to provide.

An acknowledgement should be sent to the care leaver within ten working days. confirming that records exist. If the authority knows that the care records do not exist, there should be no delay informing the care leaver. The letter should also indicate when they are likely to receive information from the care records and that:

  • The local authority will locate all existing records relating to the care leaver, including registers from children's homes; Legislation requires that a child's case record must be kept until the 75th anniversary of the child's date of birth;
  • There is a statutory duty to respond to a subject access request within one calendar month. If it is not possible to meet this timescale, it can be extended by a further two months under certain provisions. This should be explained to the care leaver, giving reasons and the timescale when the records will be available;
  • The care leaver will need to produce proof of their identity before the organisation can disclose any personal information however, if the person is already known the proof of formal ID is not required;
  • If the records cannot be located, the care leaver needs to be informed as soon as possible with information about the steps that will be taken to try to locate them. If records have been transferred to another local authority, the individual should be put in touch with the relevant organisation if this can be done. When records have been destroyed or mislaid, the care leaver must be informed as soon as possible and assistance given to assist the care leaver to locate other information and registers that may be available, such as, health and education records. 

It is important that the case worker has telephone or direct contact with the care leaver to introduce themselves and explain the process. It provides an opportunity for the care leaver to discuss what they are hoping to obtain from their records, how s/he would like these to be shared and what they already know about their family and history. The case worker can also offer and identify what support the care leaver would like to receive. The care leaver should be assured that s/he will receive comprehensive information about their family background and time in care including information already known to them. It is important to offer to telephone the care leaver after they have received and read their records and to inform them that the case worker is available to try and answer any questions or concerns they may have.

9. Applications by Agents

A request for access to records may be made through an agent (for example, a solicitor).

It is the agent's responsibility to produce satisfactory evidence that he or she has authority to have access to the records. This will always include signed authorisation.

The Team Manager will decide whether the representative will be allowed access, having sought advice from the information governance team if necessary.

10. Application on Behalf of Deceased Persons

Where a request is received for access to the records of some-one who has died, the person making the application should be asked to explain in writing their relationship to the deceased person, what information is needed and why. Requests for records about deceased persons do not fall under the Data Protection Act, as the act only applies to data about living individuals. However, the Council’s duty of confidentiality to a person survives their death. The social worker should make a decision in consultation with his or her manager and advise the applicant in writing of the decision with reasons.

11. Corrections or Erasure of Records

If a person considers that any part of the information held on his or her records is inaccurate, he or she has the right to apply in writing for it to be corrected or erased. Such requests should be discussed with your line manager and assistance from the Information Governance Team can be sought.

12. Refusal of Access

If the worker considers there are reasons to refuse a request for access to all or any part of the records (see Section 2, Exceptions), this should be discussed with his or her manager and advice from the Information Governance Team should be obtained.

The line manager should be asked to make a final decision on refusal of access, having sought advice if required. If refused, the date of the request and reason for refusal must be recorded in the file.

The decision and the reasons for it should be confirmed in writing to the person requesting access, or in a format appropriate to the needs of the person concerned.

Prior to any final decision being made the Information Governance team should be consulted.

13. Appeals Process

The person concerned has the right to apply to the Court for an order to disclose, correct or erase information held. They also have a right of appeal to the Information Commissioner’s Office who may make an assessment about whether the law has been complied with and issue enforcement proceedings to make the Authority comply with the request if necessary and/or recommend an application to court alleging a failure to comply with the Data Protection Act.

Merton Council has a corporate policy that must be followed by practitioners and their managers and is available on the following Intranet link.

14. Important Note: Independent Inquiry into Child Sexual Abuse

The Independent Inquiry into Child Sexual Abuse has said that:

It is now very unlikely that the Chair and Panel will request access to documents relevant to the Inquiry’s Terms of Reference.

Consequently, organisations can plan for destruction or deletion of records that have been retained for the purposes of the Inquiry, which can resume at the end of the Inquiry’s Judicial Review period, currently set for 20th January 2023. However, please consider the following when drawing up disposal plans:

  1. Whether any of the records you have retained are likely to be of significant interest to victims and survivors and that your retention schedules meet their needs (please refer to the Merton Information Governance Board report for local policy and timescales);
  2. The obligation to retain records for other inquiries remains.

Further information about the Inquiry’s moratorium on the destruction of records can be found on the Inquiry’s website.’