Imagine being the keeper of a child or young person’s life story. That’s what your organisation does. 

An entire childhood may be held in a cardboard box, a filing cabinet in your office, or in different digital files in the cloud, as one of your staff tries to make sense of the information in there. 

You can have a crucial role in helping someone with care experience reclaim their identity. The systems and support you put in place in your organisation can be vital in giving someone the answers they may need about their life story. 

The cost of not getting this right is not just about a fine or a reprimand.

You can negatively impact the mental health of a care experienced person if you do not treat them with the empathy they deserve. This can affect the trust that those who need your services have in your organisation.

Your staff have also told us how challenging the statutory timeframes can be when the volume of information you hold is large and complex.    

Staff handling complex record requests told us that responding can often take a significant emotional toll, sometimes leading to stress-related absence.  

It’s crucial that you have structures, resources, and processes in place so staff responding to requests have the tools and support they need to respond in a timely and empathetic way. 
 
You can be the organisation that is part of creating better records together with others by handling people’s stories with care and compassion.

Here are five things we expect senior leaders to do:

• Champion care records. People deserve high standards in how you handle their care records. Make clear that your organisation’s performance in handling care records matters to you and your organisation. 
• Implement our care records standards. Explain to staff why these standards matter, why they are a priority for your organisation and why they are everyone’s responsibility. 
• Resource your teams. This is more than just a legal obligation or technical work for your DPO. 
• Support your staff. Make sure you have a joined-up approach to handling care records across your organisation. Provide staff with the necessary training and support so that they can handle care records confidently and in line with our standards.   
• Invest to transform. Build records now that follow our care records standards to reduce future challenges. Create a future with better records by innovating in your approach and with the technology you use. 

Timeliness in responding

You must respond to requests within the statutory timeframe of one calendar month from the day of receipt of the request, or three months for complex requests. You must let people know about any extension within one month of receiving the request, together with the reasons for the delay. 

You must respond without delay. This means if it is possible to respond within a shorter timeframe than the statutory deadline, you do so. 

If you fail to meet the deadlines, you must still work to provide information as quickly as possible. The longer the delays, the greater the harm and we consider the length of the delays to requests when we consider taking regulatory action.

The volume of SARs you receive may change over time, and you should have processes in place so that you are able to anticipate and respond to this.

We expect senior leaders to ensure your organisation can manage the volume and complexity of requests without delay and further harm. 

Training staff

We expect senior leaders to ensure your teams have the training they need. 

You should have adequately trained staff, and resource relevant teams, to respond to the requests you receive within the statutory timeframes. 

You should provide specialist training for staff on how to handle requests for care records and ensure they are confident about when and how to apply exemptions. Consider how you can ensure that staff responding to requests are supported from a health and wellbeing perspective. 

Providing support

Staff should be confident about where to seek support when they have doubts about how to handle a records request or information rights issues related to care records.

We expect senior leaders to demonstrate their commitment to the care records standards by supporting their teams in this work and ensuring your systems are joined up. 

Monitoring compliance rates

You should monitor your compliance rates on a monthly or quarterly basis, anticipate or note temporary or sustained increases in requests and ensure you can respond to these increases.

We expect senior leaders to receive regular reports on compliance rates. You should take reasonable proactive steps to avoid buildups of overdue requests. This could include adjusting your staffing levels to meet demand.

You should develop and implement an action plan to address cases that are beyond the statutory timeframe. We expect senior leaders to stay on top of progress in responding to overdue requests.

Action plans that include timebound targets and milestones are the most effective and will allow you to demonstrate the progress you’re making.