Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Resources and learning

Print | Email this page

Multi-agency meetings: sharing information about children and young people

Five people sit at a table in an office having a meeting. Some have laptops in front of them. Sharing information is a major part of how we work together effectively across government to provide children and young people with the services and supports that they need.

On this page:

Download a PDF of the guidance on this page (PDF, 507KB).

Download the Information sharing protocol template (docx, 744KB).

Information sharing is a critically important activity for government – it’s something that happens every day. We cannot simply function in artificial silos created by our organisational structures. Agencies and organisations need to work together to provide appropriate and timely services and supports for children, young people and their families.

That means making sure that relevant information is available to the right people at the right time in the right way.

Of course, if we do not get our privacy thinking right, we can cause real harm. Failing to think things through properly also compromises our ability to achieve the outcomes that we’re aiming for. None of that is acceptable.

That’s why specific legislation (e.g. Privacy Act 2020, Oranga Tamariki Act 1989 and Family Violence Act 2018) provides a variety of ways for agencies to share information about children and young people safely and respectfully.

Guidance purpose

The purpose of this guidance is to help people working with children and young people understand: 

  • what a multi-agency meeting is
  • how to set up appropriate and safe information sharing at multi-agency meetings
  • what to think about before you share information at a multi-agency meeting.

The guidance will help you share information at a multi-agency meeting in a considered way and where the child or young person is at the centre of decision making. 

We have also created an information sharing protocol template to help to support agencies and organisation document their sharing activity. This guidance aligns to the structure of that template so you can develop your information sharing protocol in a systematic and consistent manner. 

While this guidance is focused on sharing information about children and young people, the guidance and template can still be used where you want to share information in a multi-agency meeting about any individual, including adults.

Guidance Audience 

This guidance can be used by: 

  • Public sector agencies, including:
    • frontline staff 
    • regional staff 
    • national Office staff.  
  • Organisations working with government agencies

What is a multi-agency meeting 

A multi-agency meeting is a meeting where different agencies and organisations come together for a common purpose. These meetings can be one-off events or occur regularly.

To provide services and deliver effective outcomes for children and young people, agencies and organisations often need to share information. 

Multi-agency meetings enable attending agencies and organisations to share relevant information with each other to better understand and quantify the extent of a child or young person’s needs and then identify, prioritise and then deliver appropriate and effective supports, interventions, and services.

Example: Police-led multi-agency meeting to reengage youth offenders in education or employment

There has been a significant increase in residential burglaries committed by youth in a small geographical area. Local police would like to identify, if possible, the cause of the increase in offending, and work with the youth offenders to reengage them with education or employment opportunities. 

To achieve this, police will need to work closely with local non-government support organisations, and government agencies who also have an interest in seeing children and young people thriving and achieving e.g. the Ministry of Education, Ministry of Social Development and Oranga Tamariki.

Regular multi-agencies meetings will enable the attending agencies and organisations to share and receive relevant information with each other. This will enable Police and attending agencies and organisations to identify and then implement effective supports and interventions. 

Example: Education led multi-agency meeting to identify learning support services 

School attendance has been dropping over the last few years. The Ministry of Education (the Ministry) wants to understand the drivers behind the reduction in attendance rates and implement effective learner focused interventions to encourage learners to attend school regularly.

To achieve this, the Ministry needs to work closely with schools, learning support service delivery partners, other government agencies (e.g. Oranga Tamariki, Police, and non-government support organisations). Regular multi-agency meetings will enable agencies and organisations to share relevant information with the Ministry. The sharing of this information will help the Ministry identify and then implement timely, appropriate and effective supports and interventions.

To ensure sharing of information at the attendance focused multi-agency meetings is appropriate and consistent, the Ministry will develop an information sharing protocol that is followed by all multi-agency meeting participants.

Example: Providing support for victims of family harm

Integrated Safety Response, Whāngaia Ngā Pā Harakeke and Safety Assessment Meetings (SAM tables) are examples of family harm-focused multi-agency meetings.

These initiatives bring together government agencies and community organisations and enable them to share relevant information about victims of family harm and identity appropriate supports and interventions.

Sharing information at multi-agency meetings

Privacy is not about keeping things secret - it’s about getting the right information to the right people at the right time. 

Information sharing is a critically important activity for government agencies and organisations that support children and young people. However, sharing information at multi-agency meetings can be challenging when there are no clear policies and procedures to follow.

Everyone knows the consequences of sharing too much can be significant. But so can the consequences of sharing too little. The way to be confident you’re doing the right thing is to embed best practice information sharing into the governance and operation of multi-agency meetings.

Good information sharing practices:

  • Build awareness within an agency or organisation of what information is being shared, who the information is being shared with and for what purpose.
  • Create transparency and build public trust and confidence in how agencies and organisations are sharing personal information. 
  • Enable the delivery of timely, effective, and fit-for-purpose services and supports that improve outcomes for children and young people.

Good information sharing practices will protect the privacy, mana and dignity of the children and young people you’re sharing information about and help you meet the objectives of your multi-agency meeting effectively and efficiently.

We expect that all multi-agency meetings, especially those designed to operate over a period of time, have an information sharing protocol in place.

Why you should have a multi-agency meeting information sharing protocol in place

The purpose of a multi-agency meeting information sharing protocol is to document authorised sharing of information and ensure all attending agency and organisation representatives are aware of the legal authority that permits the sharing, the purpose(s) for which the information is being shared, and what information can be shared.

A multi-agency meeting information sharing protocol records:

  • the purpose of the meeting
  • the legal authority the sharing is permitted under 
  • the information being shared
  • who the information will be shared with and for what purpose
  • the controls and mechanisms that ensure personal information is shared safely and used appropriately.

The multi-agency meeting information sharing protocol helps attending agency and organisation representatives confidently share relevant information about children and young people in a timely manner. It also helps them to pause and make confident judgement calls when proposed information sharing within the meeting may create privacy risks. 

It does this by:

  • Helping attending agencies and organisations think through information sharing before information about children and young people is shared so that the right people, with access to the right information, are sitting around the table.
  • Providing a ‘guiding pair of hands’ when the multi-agency meeting is up and running, ensuring attending agency and organisation representatives can confidentially navigate complex and challenging situations, reducing unnecessary delays in providing support and services. 

An information sharing protocol demonstrates that attending agencies and organisations have taken a privacy by design approach to ensure sharing information about children and young people is privacy protective and mana enhancing.

Three people stand in a corporate office and discuss something. One person has a folder and pen in her hands. How to develop a multi-agency meeting protocol 

The time and effort spent on setting up your information sharing activity at the beginning will make it easier to share what you need to share, when you need to share it, without harming the people you are intending to help. 

When setting up a multi-agency meeting it is important to think about and set up your information sharing activity correctly.

You can use this guidance to help you complete the multi-agency meeting information sharing protocol template – it walks you through each section of the template and highlights the things you need to think about when setting up your information sharing activities. 

You can access the multi-agency meeting information sharing protocol template here.

Be clear about the purpose of your meeting 

A clear purpose is key. Your meeting purpose is the foundation on which the rest of your information sharing activity and documentation is built.

A clear purpose will help:

  • identify what information you need to achieve the purpose
  • identify the appropriate legal authority
  • determine which agencies or organisations should be involved
  • help those agencies and organisations determine the best person to attend the meetings
  • create transparency and help build public trust and confidence that you are sharing information appropriately. 

Sharing must be permitted by legislation

There must be a legal authority to share information with attending agency and organisation representatives. The multi-agency information sharing protocol should clearly state the legal authority for each purpose for which information is being shared.

The information sharing protocol includes common legal authorities used to share information about children and young people. You can delete the legal authorities that do not apply to the purpose of your multi-agency meeting or manually enter the legal authority if it isn’t one of the examples provided for in the template.

The multi-agency meeting protocol does not itself authorise the sharing of information – it cannot create or change the law. All sharing of personal information must be permitted by legislation, such as the Privacy Act, the Oranga Tamariki Act, the Family Violence Act, or an agency’s enabling legislation.

Read more information about the legislative frameworks that permit sharing information about children and young people.

Attending agency and organisation representatives

If you’re using the Oranga Tamariki Act or the Family Violence Act information sharing provisions, you’ll need to ensure that all attending agency and organisation representatives meet the criteria for sharing and using information under those provisions. 

Section 66C of the Oranga Tamariki Act (wellbeing and safety of children)

Only the following agencies and individuals can share and use information using section 66C of the Oranga Tamariki Act:

  • agencies meeting the definition of a child welfare and protection agency, or
  • a person meeting the definition of an independent person.

Read more about child welfare and protection agency and independent persons definitions.

Section 20 of the Family Violence Act (family violence)

Only the following agencies or individuals can share and use information using section 20 of the Family Violence Act:

  • agencies meeting the definition of a family violence agency, or
  • a person meeting the definition of a social services practitioner.

Read more about family violence agency and social services practitioner definitions.

Be clear about why you are sharing information

Like your meeting purpose, having a clearly defined purpose for the sharing of information is critical. The purpose of sharing should be aligned with the purpose of the multi-agency meeting.

Being clear about why you need to share a child or young person’s information shows that the sharing is justified and has been carefully considered. It also helps stop ‘scope creep’ – that is, to stop the purpose of the sharing changing over time without proper consideration or authorisation.

Protocol example - multi-agency meeting set up to identify and implement appropriate support for youth offenders in a specific area

Purpose for sharing

Attending agencies and organisations may share information for the following purposes

Attending agency/organisation

Purpose for sharing information

Ministry of Education
  • To determine whether attendance is a contributing factor to offending.
  • To identify appropriate attendance and engagement supports to reengage student with education.

Oranga Tamariki 
  • To determine whether the learner is currently under care and protection.
  • To identify existing services being provided.
  • To identify appropriate care and protection supports for the learner and their whānau.

Police
  • To identify youth offenders.
  • To identify previous offending and interventions.
  • To identify appropriate interventions.

Protocol example – to identify families affected by family harm and provide an integrated cross agency response 

Purpose for sharing

Attending agencies and organisations may share information for the following purposes

Attending agency/organisation

Purpose for sharing information

Ministry of Education
  • To determine whether children and young persons identified as being involved in family harm are attending school regularly.
  • To identify appropriate attendance and engagement supports to reengage student with education (where required).

Oranga Tamariki 
  • To determine whether a child or young person identified as being involved in family harm is currently in care.
  • To determine whether a care and protection intervention is required.

Corrections
  • To determine whether a person involved in family harm is under the supervision of Corrections and whether any breach of conditions has occurred. 

Whare Manaaki
  • To identify previous engagement with and support from Whare Manaaki.
  • To enable Whare Maanaki to contact and engage with women and children who have been identified as victims of family harm.

Be clear about what information will be shared

Through the development of your purpose statements (both the multi-agency meeting and information sharing purposes) you’ll have determined:

  • the information that needs to be shared to achieve those purposes, and
  • the agencies and organisations that hold that information.

You’ll need to work with the attending agencies and organisations to identify the information they hold that is relevant to the purpose of your meeting. Attending agency and organisation representatives know the information their agency or organisation holds and understand any limitations on that information such as reliability, accuracy, and restrictions on secondary use.

Things to think about:

  • Be as detailed as you can when documenting the information that attending agencies and organisations may share at the meeting - vague information descriptions can create unnecessary confusion when it comes time to share information at the meeting. 
  • Think about which agency or organisation holds the most up to date information about the child, young person and their family (e.g. address, contact information)? 
  • For individual agencies or organisations, what business systems hold the authoritative information? Sometimes it can be helpful to record the name of the business system that holds the information, that way the attending agency or organisation representative attending the meeting knows where to get the information from.
  • Does the attending agency or organisation representative have access to the business system that holds the information? If not, they may not be the right person to attend the meeting and share the information.
  • Are there confidentiality obligations attached to the information? Has the child, young person or their parents been advised their information may be shared in certain circumstances (e.g. when there are wellbeing or safety concerns)?

Identifying this information early and recording it in your multi-agency meeting protocol ensures that everyone understands what information can be shared, with whom and for what purpose, and reduces unnecessary delays in achieving the purposes of the meeting.

Read more guidance about what may be relevant.

Example: Attendance information held by Ministry of Education

Attendance information is made up of many attendance data variables, not all of which may be relevant to the purposes of a multi-agency meeting. The information sharing protocol should be clear on what attendance data variables are relevant to the purpose and will be shared at the multi agency meeting.

Instead of recording ‘attendance information’ in the protocol, the protocol could record that the Ministry will share the attendance rate of the individual over the last X months, the number of justified and unjustified absences during the specified period, the reasons attributed to those absences, and any attendance interventions that have been put in place.

Example: Health information held by Health NZ | Te Whatu Ora 

Instead of recording ‘health information’ in the protocol, the protocol should record the specific health information that Health New Zealand | Te Whatu Ora will share that is relevant for the purposes of the meeting.

For example, where information is being shared to support reducing non-attendance rates, relevant health information could include current mental health diagnoses, disability information, and any health interventions/ supports currently being provided.

Protocol example: Information to be shared

Information to be shared

Attending agencies and organisation may share the following information if it is relevant to achieving the purposes set out above:

Attending agency/organisation

Information to be shared

Information Security Classification

Ministry of Education/Attendance Service Provider
  • schooling history 
  • attendance rate of the individual 
  • number of justified and unjustified absences during the specified period and reasons attributed to those absences
  • any attendance interventions that have been put in place and the outcome of those interventions
  • any previous multi-agency responses/engagement

In-Confidence

Oranga Tamariki
  • care and protection history 
  • the current care status of the child and young person and the level of care
  • the number of and level of any reports of concern 
  • for children or young people in care, the reasons attributed to any school absences or lack of enrolment (if known) 

In-Confidence

Ministry of Social Development
  • any benefits or services the student or their whānau has received or could receive, that may be relevant.
  • any benefits or services the whānau/caregivers of the student has received or could receive, that may be relevant

In-Confidence

Health NZ
  • current mental health diagnoses
  • disability information
  • any health interventions and supports currently being provided

In-Confidence

Kainga Ora
  • housing status or applications for the whānau/caregivers of the child/young person 
  • details of the home environment 

In-Confidence

Police
  • the number and seriousness of offences of the student
  • the number and seriousness of offences of whānau/caregivers of the student

In-Confidence

Corrections
  • Corrections involvement or history with the student
  • Corrections involvement or history with whānau/caregiver of the student

In-Confidence

Ministry of Justice
  • Any previous, current or upcoming court appearances for the student, or their whānau
  • any previous, current or upcoming services, assessments, programmes that are to be undertaken for the student or their whānau

In-Confidence

All attending agencies and organisations
  • descriptions about the student’s needs, aspirations, strengths, what’s working well (physical or mental health)
  • known challenges whānau are facing (like financial pressure, housing difficulties, family violence concerns or alcohol and drug issues)
  • information about who or what has helped the student or their whānau in the past or what challenges and concerns there have been in the past for the student and their whānau

In-Confidence

Restrictions on the use of the information shared

Attending agency and organisation representatives shouldn’t put any information shared at a multi-agency meeting into their own business systems or records unless they have been tasked to provide services or supports to the child, young person or their family. In that case, they should only record the information necessary to provide that service or support. That means you should not collect and store information about a person just because you think it might be relevant in the future. ‘Just in case’ is not a good enough reason. 

Read more about when information shared at multi-agency meetings under section 66C of the Oranga Tamariki Act can be used for a secondary purpose.

Read more about when information shared at muti-agency meeting under section 20 of the Family Violence Act can be used for a secondary purpose.

You should check with your privacy, legal or information sharing teams if you want to use the information shared at a multi-agency meeting for a secondary purpose.

Things to note when keeping information

If an attending agency or organisation representative needs to keep the information so that they can carry out the purpose of the sharing (e.g. provide relevant services or supports), then they should note:

  • where the information came from
  • the legal authority the information was shared under
  • the purpose the information was shared
  • any restrictions on what the information can be used for
  • the date the information was shared.

A Māori man sits at a table or counter, holding his cellphone to his ear. Tikanga considerations 

In many cases Māori data and information is a taonga and may require additional controls and restrictions to ensure the mana of the individuals is respected. Where you are proposing to share Māori data and information you should consider whether tikanga should be applied to the sharing and subsequent use of the data. This consideration is especially important when a Māori organisation or an iwi representative may be attending the meeting.

Tikanga is a set of values, principles, understandings, practices, norms and mechanisms from which a person or community can determine the correct action in te ao Māori. Tikanga is not fixed. What tikanga will be appropriate will depend on the circumstances and should be determined through meaningful engagement with the people who may be impacted by the sharing and use of the information.

Each attending agency and organisation will have its own definition of Māori data, Māori Data Governance strategies and Māori engagement practices that will guide considerations and incorporation of tikanga into any information sharing protocol. You should engage your Māori advisory teams early in the development of your information sharing protocol to ensure engagement with Māori and sharing of Māori data is undertaken appropriately and in line with agreed protocols and practices.

Method of sharing information

You’ll need to agree on the method of sharing information between the attending agency and organisation representatives.

There are several ways information can be shared, including:

  • the lead agency sends out a list of individuals that will be discussed at the meeting 
  • attending agency and organisation representatives share information verbally at the meeting 
  • attending agency and organisation representatives share information with each other via email prior to and/or after the meeting
  • access to and use of a secure business system.

In all cases, attending agencies and organisations must ensure that the method of sharing information is one that’s approved for use by their agency or organisation and protects the information about the child or young person. 

Where an agency or organisation has been tasked to provide support to a child, a young person or their whanau and require additional information from another agency or organisation they should request that information directly from the relevant agency or organisation. When requesting information about the wellbeing or safety of a child or young person you can use the section 66C request template from Oranga Tamariki.

Secure business systems

Where a secure business system is used to share information, there should be a robust access policy setting out:

  • who can access the information (so that it does not get accessed by people who do not have a legitimate reason to see it)
  • what purposes the information held in the system can be used for
  • who the information may be shared with.

Terms and conditions of access and use should be clearly documented and understood by all attending agencies and organisations.

Where information is shared through a secure business system, we recommend that the business system terms and conditions of access and use is attached to the Protocol as an appendix.

A privacy impact assessment should be completed to ensure the secure business system has the necessary privacy controls in place to protect personal information from unauthorised access, use and disclosure. We recommend that the privacy impact assessment is attached to the Protocol as an appendix.

Both the terms and conditions of access and use and the privacy impact assessment should be reviewed annually.

Security classifications 

Where information to be shared has been assigned a security classification, attending government agencies must ensure that the appropriate handling requirements under the Protective Security Requirements are met, including how the information is shared.

If non-government organisations are attending the multi-agency meetings, you will need to ensure they’re entitled to receive information with that security classification, and that they understand how to handle it.

Read more information about security classification.

Things to consider when determining how information will be shared

The following are some things to consider when deciding how information will be shared:

  • The more sensitive the information, the more careful you will need to be when sharing the information. Think about:
    • Whether emailing the information is appropriate – do you need to password protect the sensitive information that is contained in an attachment? Would it be more privacy protective to share the information verbally at the meeting and then follow up with a secure email to the relevant attending agencies or organisations after the meeting.
    • If you are emailing sensitive information to attending agency and organisation representatives, does every attending agency or organisation need to know the information? Do you need to attach a security classification to the email? Are there other secure data exchange platforms or services that you could use?

  • We recommend that you do not take hard copies of information to a multi-agency meeting as they’re too easy to lose or leave somewhere where others can see them. However, if this cannot be avoided, ensure you:
    • keep the hard copy information secure at all times, especially if the meeting is held in a location outside your agency
    • securely destroy all hard copy information at the end of the meeting 
    • do not provide the hard copy information to attending agency or organisation representatives unless it’s appropriate and safe to do so.

  • If you’re attending a multi-agency meeting virtually, do not put personal information in the chat function or use AI tools such as AI Agents or scribes. Doing so could make the information available to others, including to the software company. Also make sure that you cannot be overheard by people who’re not entitled to know what happened at that meeting, for example if you’re working from home.
  • If the multi-agency meeting is supported by a business system (for example, the Family Safety System) or secure online collaboration space (for example, Microsoft Teams or SharePoint), ensure you understand how the business system or collaboration space works. Do not share your access credentials with other people. Access should be protected via multi-factor authentication.
  • Where an agency or organisation has been tasked to provide support to a child, a young person or their whanau and require additional information from another agency or organisation they should request that information directly from the relevant agency or organisation. When requesting information about the wellbeing or safety of a child or young person you can use the section 66C request template.

Any restrictions or controls that are put in place to ensure the method of sharing is secure should be recorded in your information sharing protocol. The protocol template provides some standard controls that you can use but you can also insert your own specific controls.

Protocol example: Method of sharing

Method of sharing

Attending agencies and organisations will share information with other attending agencies and organisations using the following methods:

Before the Meeting

(Example only) The lead agency will provide the names, DOB and any relevant information to the attending agency and organisation representatives.

This information will be contained in a password protected document attached to an email to attending agency and organisation representatives. The email will be marked as ‘In-Confidence – external” and will include a privacy statement. The password is sent via a separate email or alternative contact channel (e.g. text).

During the Meeting

(Example only) Information will be shared by attending agencies and organisations verbally. Agencies or organisations that are tasked to undertake actions may record and retain information relevant to undertaking those actions.

After the Meeting

(Example only) Where the lead agency requires additional follow up information that information will be requested from the relevant agency under 66C of the Oranga Tamariki Act 1989. Such requests for information will be made using the agency to agency sharing document.

Information shared between attending agency and organisation representatives outside of these meetings will be done so under the individual agency’s interagency sharing protocols, or by using the agency to agency sharing document.

Keeping information safe and secure

This section of the protocol sets out the security controls required to protect personal information shared at a multi-agency meeting. The section contains two parts: security classification and security controls.

Security classification 

Government agencies must ensure that they comply with the New Zealand Government Security Classification Systems and Protective Security Requirements (PSR) when sharing information. The security classification attached to the information will determine whether any additional controls are required to protect the information and comply with the PSR. You’ll need to identify the appropriate security classification and select from the drop-down box in the agreement template.

Read more information about Protective Security Requirements.

Your ICT or information security team should be able to help you identify the correct security classification for the information being shared. 

As a general rule, all personal information should be classified as IN-CONFIDENCE at a minimum.

Security controls 

Appropriate security controls are an important part of sharing personal information. A loss or compromise of information before, during and after it is shared can have serious impacts on:

  • a child or young person’s privacy
  • the safety of the child, young person, their whanau, their caregivers and those involved in providing support
  • on the agency or organisation’s reputation.

The protocol template contains the minimum level of security controls that should be in place for all information sharing. Depending on the nature of the information shared, you’ll need to consider what additional security controls may be required and add these into the template.

Examples of security controls

Requirements:

  • All attending agency and organisation representatives have completed privacy and information security training modules — both internal modules and any modules associated with the use of a secure business system. 
  • All hard copy information shared at the meeting is securely destroyed at the end of the meeting. 
  • All email attachments containing personal information are password protected. Passwords are sent in separate emails or via an alternative channel (for example text).
  • Information is shared via a controlled system or platform with strong access controls including multifactor authentication. 

Restrictions:

  • Only sharing information with attending agency and organisation representative from approved work devices.
  • If meetings are held virtually:
    • No personal information is to be shared in the chat function.
    • No recording or taking screenshots is permitted.
    • No AI assistants to be used including AI scribes or recording apps.
  • Sharing hard copies of information is not permitted.

Your ICT or information security team will help you determine appropriate security controls to ensure the information is protected when it is shared with attending agencies.

Retention and disposal 

Attending agency and organisation representatives should only retain information shared at a multi-agency meeting if they’re using that information for one of the meeting purposes  for example, undertaking a risk or needs assessment, identifying appropriate support services or interventions. 

Where attending agency and organisation representatives retain shared information for those purposes, they must ensure that the information is stored securely in their agency or organisation’s approved business system.

Information should only be held and retained by attending agency and organisation representatives for the period for which the information is required. Attending agencies and organisations should understand their agency or organisation retention and disposal requirements and how they apply to the information being shared with them at the multi-agency meeting.

You should also consider where and how multi-agency meeting administration documentation such as meeting agendas, minutes and action logs will be stored.

Meeting administration records should be maintained by the lead agency and contain as little identifying information about the child or young person as possible.

A woman with blonde hair shakes the hand of someone sitting across the table from her. Transparency and notification obligations

It’s essential not to lose sight of the children and young people behind the information that you are sharing.

Your multi-agency meeting information sharing protocol will already do this in a number of ways, for instance, by:

  • having a clear and justified purpose 
  • using a legal authority that requires consultation (such as section 66C of the Oranga Tamariki Act)
  • limiting the information that is shared to what is genuinely necessary
  • specifying controls that help to keep the information safe. 

However, you should also set out the steps you’ll take to make sure that people know about the information sharing. This is because, to the greatest extent possible, people should know who is collecting and using their information, and for what purpose. It’s hard to exercise their other rights without that knowledge. Sometimes, they may also be able to choose whether their information is shared or not or provide their views about the proposed sharing of their information.

Putting transparency controls into your multi-agency meeting information sharing protocol will help attending agencies and organisations be aware of and meet any obligations they may have to advise, notify, or consult children and young people about the sharing of their information. This is also a good place to note any controls that ensure that children and young people (or their representatives) will have an opportunity to have a say before any adverse actions are taken against them. 

If there is a good reason not to tell children and young people that their information is being shared, modify the transparency clauses in the protocol template to be clear about what that reason is. Provide the clearest possible information without undermining the interests that you’re protecting. For example, it may still be possible to reflect in an agency or organisation’s privacy statement or transparency statement that the sharing happens, even though details are not given because it could undermine the ability to enforce the law.

Read more information about the notification requirements of IPP3A.

Protocol example – when using section 66C to share information

Transparency and notification requirements

Attending agencies and organisations are required to follow the following notification processes:

Oranga Tamariki Act (section 66C)

Prior to sharing any information about a child or young person the attending agency or organisation must, if it’s practicable and appropriate to do so:

  1. Inform the child or young person concerned or their representative about the proposed sharing. Include the purposes and likely recipients of any sharing.
  2. Provide the child or young person or their representative reasonable assistance to understand the information being shared. Let them express their views about the proposed sharing and understand any consequences resulting from the proposed sharing.
  3. Consider the views expressed by the child or young person.

In some cases, it may not be practicable or appropriate to consult with the child or young person prior to sharing information at the multi-agency meeting. For example, consulting with the child or young person prior to sharing their information could put the child at risk of further harm.

The attending agency or organisation representative disclosing the information must advise the other attending agencies and organisation whether the child or young person was consulted before their information was shared, and if they weren’t, the reasons why.

Privacy and security breach management 

It’s important that the attending agencies and organisations know what to do if there is a privacy or security breach. Having this agreed in advance means you don’t have to figure it out when a breach happens, and everyone is under pressure.

When developing your information sharing protocol you should identify:

  • Who should be told if there is a breach involving information shared at the meeting (pick an agency to be the contact point so everyone knows who to call. That agency will also be the one to contact the Privacy Commissioner if the breach is serious enough that they need to be notified). 
  • How the attending agency and organisation representatives will work together to help to respond to any breach (including deciding what to tell affected people).

The protocol template provides standard clauses that cover obligations in relation to privacy and security breaches. Each attending agency and organisation should check with their privacy team to make sure the proposed privacy and security breach management processes aligns with what’s expected in their own agency or organisation.

Managing conflicts of interest 

It is important that any conflict of interest is identified early and managed appropriately by both the lead agency and the attending agency and organisation representative.

Having a process for managing a conflict of interest helps attending agency and organisation representatives identify any conflicts early and know what they need to do to manage that conflict.

The protocol template provides standard clauses that set out how conflicts of interest should be managed in a multi-agency meeting setting.

Relationship management and oversight

Things change over time, so it’s important to check periodically that the information sharing protocol is working as expected and is still fit for purpose.

We recommend that each attending agency and organisation nominates a relationship manager to represent their agency or organisation. The relationship manager should be someone different to the person that regularly attends the meetings.

The role of the relationship manager

The relationship manager will have oversight of the information sharing protocol. They will check how things are working and will be responsible for addressing any problems that arise. They do not necessarily have to attend the multi-agency meetings, but they do need to have a good understanding of the meetings’ purpose, which agencies and organisations attend, what information is shared, and the legislative framework that permits the sharing.

Relationship managers can also help support their attending agency or organisation representative with any information sharing issues that arise. This could include helping to liaise with the agency or organisation’s privacy or legal teams.

We also recommend that relationship managers check in with their attending representatives on a regular basis to ensure that the protocol is operating as intended. This helps to make sure any issues with the information sharing protocol (such as scope creep) are picked up and fixed early.

A woman sits at a table with a notebook in front of her. She holds a pen in her hand and looks at someone across the table she is talking to. Approving information sharing protocols

Attending agencies and organisations will have different approaches to who should approve a multi-agency meeting information sharing protocol.

However, an information sharing protocol should be vetted by a person in a senior role related to privacy, legal or information and data, whether or not they are the person to sign the protocol themselves. This will make sure that there is appropriate knowledge and oversight of the information sharing, and that proper protections are in place so attending agency and organisation representatives can be confident about their sharing activities.

It's important that the person approving the protocol has sufficient professional knowledge or has received specialist advice to be confident that it’s appropriate to approve the protocol. This provides a level of integrity to the protocol and provides other attending agencies and organisations and the public with confidence that information is being shared appropriately.

Ultimately, each attending agency or organisation will need to determine the appropriate level of approval for the information sharing protocol.

Things to think about when approving an information sharing protocol:

  • Is it appropriate for attending agency and organisation representatives to sign the protocol on behalf of their agencies? Does this provide enough oversight of the protocol and assurance that the information sharing is appropriate? 
  • Senior level approvals and signoffs can take time – think about what parts of the protocol could be amended with agreement of another person (such as the relationship manager) rather than the protocol signatory.
  • How will you ensure that attending agency and organisation representatives are aware of the protocol and understand how the protocol operates in practice?
  • Should attending agency and organisation representatives have to acknowledge that they have read and understood the protocol prior to attending meetings? If so, what should that acknowledgement look like?

Each attending agency and organisation relationship manager should be provided with the finalised signed protocol so they can add the protocol to their information sharing catalogue or register.

Managing information sharing protocols 

Knowing what information you are sharing, with whom, and for what purpose is an important governance measure. 

If you work in the children’s sector or the family harm sector it is likely that your agency or organisation will have representatives attending many multi-agency meetings in multiple areas or regions.

Having all your information sharing protocol information in one place (for example a centralised information sharing catalogue or register) creates efficiencies and supports good governance of your information sharing activities.

For example, you may need to: 

  • report to senior leadership on your information sharing activities
  • respond to a privacy breach and alert all participating agencies
  • respond to an Official Information Act (OIA) request
  • know when to schedule resourcing for information sharing reviews
  • know whether there is already an information sharing protocol in place — so you do not need to create another protocol or agreement or can make quick changes to existing sharing protocols or agreements. 

Review protocol content and processes 

Reviewing your multi-agency meeting information sharing protocols ensures that your information sharing remains fit for purpose. It ensures you’re still only sharing information necessary to achieve the purposes of the meeting.

For example, you may find that additional information held by non-attending agencies is required to achieve the meeting purposes. Or, that different methods are required to share the information more securely. Reviewing the protocol will identify these new requirements and processes and enable the protocol to be amended and updated in a considered way.

The protocol template includes a section for recording an appropriate review period, and which attending agency or organisation is responsible for initiating the review. If the multi-agency meeting has a lead agency, it’s recommended that that agency initiates and manages the review.

There should also be a process for an attending agency or organisation to request a review of the protocol at any time if an issue with the sharing of information has arisen.

Steps for reviewing an information sharing protocol 

A review of the multi-agency meeting information sharing protocol should involve the following steps:

Step

Review Action

1

Read through the protocol and identify areas that require updating (e.g. updates to legislation, changes to attending agencies or organisations and their representatives)

2

Contact with the other attending agencies and organisations relationship manager to confirm whether:

  • The information sharing as documented is still required.
  • There have been any material changes to the purposes for which the information is being shared. 
  • There have been any material changes to the use of the information shared. 
  • Any issues have arisen with the quality of the information shared.

3

Collate the responses from Step 2 and work with the other attending agencies and organisations to make the necessary amendments to the protocol.

4

Sign off the amendments and update the protocol.

5

Provide a copy of the signed updated protocol to all attending agencies and organisations.

6

Ensure all attending agency and organisation representatives are aware of the changes and understand what those changes mean for them.

A man wearing glasses sits at his desk with three other people on his computer screen, in a video meeting. Information for attending agency and organisation representatives 

If you have been invited to attend a multi-agency meeting, there are a number of things to think about before attending. 

Use this checklist to help you prepare and give you confidence around:

  • whether you are the right person to attend the meeting
  • what information you can share 
  • with whom and for what purpose 
  • where that information is held within your agency or organisation
  • the legal authority under which you’ll be sharing the information.

Who should attend? 

To ensure the multi-agency meeting is productive and the right information can be shared with the right people, the right people need to attend.

Think about the following:

  • Am I the right person to attend the meeting?
    • Is your role one where you have access to the information that might need to be shared and the authority to share it (either at the meeting or prior to or after the meeting)? 
    • Do you have sufficient knowledge about the supports and interventions that your agency can provide? 
    • Do you have any conflict of interest (perceived or actual) that may impact your ability to participate the meetings? 

What information can I share? 

You should only share information that is relevant to the purposes of the multi-agency meeting. Before attending a meeting:

  • Ask for a copy of the information sharing protocol - it is important that you are aware of this protocol and understand what information you can share and for what purpose.
  • Ensure you are familiar with the legal authority under which you are sharing and using information. This will give you confidence that you are sharing information appropriately and help you navigate any judgement calls you may have to make about whether certain information should be shared or not. 
  • Understand whether there are any limitations or restrictions on the information you are sharing, including:
    • What database is the information held in? 
    • Is the information up to date and accurate? 
    • Does the information have a security classification that requires additional handling requirements? 
    • Is the information subject to any tikanga considerations? 
    • Does the information have a legal definition that the other attending agencies should be aware of? 

If you are in any doubt about whether personal information can or should be shared at a multi-agency meeting check with your privacy, information sharing or legal team.

Can I use the information shared? 

You should only use information shared at a multi-agency meeting for the purposes set out in the multi-agency meeting information sharing protocol.

When attending a meeting:

  • If information is shared with you at a multi-agency meeting, make sure you understand why the information is being shared with you, and what you are allowed to do with it.
  • If you are tasked to undertake certain actions to support the purpose of the meeting (for example, to contact a named person to undertake a welfare check), ensure:
    • you only use the shared information for that purpose
    • record the information and the actions taken in the appropriate business system. 

How do I share information with other attending agency and organisation representatives? 

It is important that you share information with other attending agencies and organisations in a secure manner. 

Before sharing information:

  • Ask for a copy of the information sharing protocol – it is important that you know how information has agreed to be shared securely with other attending agencies and organisations.
  • If information is to be shared using email:
    • Understand your agency’s policies around emailing personal information to external parties
    • Think about whether emailing the information is appropriate in the circumstances – do you need to password protect more sensitive information in an attachment? Should you verbally share the information at the meeting, then follow up with a secure email to the relevant attending agencies or organisations after the meeting? 
    • Do you need to attach a security classification to your email? Does the recipient/s of the email have the necessary security clearance to receive the information within your email?

  • We recommend that you do not take hard copies of information to a multi-agency meeting. However, if this cannot be avoided ensure you: 
    • Keep the hard copy information secure at all times, especially if the meeting is held in a location outside of your agency.
    • Securely destroy all hard copy information at the end of the meeting.
    • Do not provide the hard copy information to attending agency and organisation representatives.

  • If you’re attending a multi-agency meeting virtually do not put personal information in the chat function, do not record the meeting, and do not take screenshots of information shared using the share screen functionality.
  • If the multi-agency meeting is supported by a business system (e.g., the Family Safety System) or secure online collaboration space (e.g., Microsoft Teams):
    • Do you have appropriate approvals to access the system? 
    • Ensure you understand how the business system or collaboration space works – read and understand the terms and conditions of access and use.
    • Do not share your access credentials with other people.

Before you share information with other attending agency or organisation representatives check your agency’s policies and requirements for emailing personal information to external parties.

How do I manage a conflict of interest? 

If you attend a multi-agency meeting and information is being requested and shared about a child or young person that you know this may create a conflict of interest for you. If this occurs you should:

  • Inform the multi-agency meeting facilitator or lead agency representative as soon as you become aware of the conflict of interest.
  • Remove yourself from the meeting when information is being shared about the individual that creates the conflict of interest.
  • Refer the request for information to another person within your agency to action and respond to.

It’s good practice to check for any potential conflicts of interest before the multi-agency meeting starts. An easy way to do this is by making it a standing meeting agenda item.

Can I share information about the interventions or supports my agency or organisation has provided? 

Where your agency or organisation has been tasked with using the information shared at a multi-agency meeting to undertake an action (e.g. complete a risk or needs assessment or provide a support service) you can share with the attending agencies and organisation the outcome of that action.

Where the multi-agency meeting uses a business system to manage the sharing of information and tasking of actions, you can enter the outcome of your tasking activity directly into the business system (e.g. the outcome of a safety risk assessment undertaken by an agency in response to a family harm incident can be entered directly into the Family Safety System).

Glossary

This section sets out the meaning of key terms used within the guidance.

Attending agencies and organisations

Agencies and organisations that attend the multi-agency meeting and are signatories to the multi-agency meeting information sharing protocol.

Attending agency and organisation representatives

Individuals attending the multi-agency meeting on behalf of their agency or organisation.

Information 

Includes data, personal information, aggregate information, and de identified information. 

Personal information

Means information about an identifiable individual.

Lead agency 

The agency that sets up the multi-agency meeting and is responsible for developing and implementing the multi-agency meeting information sharing protocol.

Māori Data 

Digital or digitisable data, information, or knowledge (including matauranga Māori) that is about, from or connected to Māori. It includes data and information about population, place, culture, and environment.

Multi-Agency Meeting 

A meeting where different agencies and organisations come together for a common purpose in a meeting setting. These meetings can be one-off events or occur regularly over a period of time.

Back to top