Operating a platform that collects reports of serious crimes, particularly those involving children, creates significant legal obligations under UK law. Failure to meet these duties of care can result in criminal liability, civil lawsuits, and harm to vulnerable individuals.
This page outlines the minimum legal requirements. Standard web development practices and basic contact forms are wholly inadequate for this type of work.
Duty of care is a legal obligation requiring individuals and organisations to adhere to a standard of reasonable care whilst performing acts that could foreseeably harm others. When handling reports of serious crimes, this duty becomes particularly stringent.
Established in Donoghue v Stevenson (1932), the test is whether you owe a duty to persons who are so closely and directly affected by your actions that you ought reasonably to have them in contemplation as being affected when directing your mind to the acts in question.
When you invite people to report serious crimes, you create a relationship of trust and reliance. Victims become vulnerable to your actions and decisions. This establishes clear legal duties to:
Requires organisations to investigate and act on suspected child harm. If you receive reports suggesting a child is suffering or likely to suffer significant harm, you have statutory duties to act.
Mandates arrangements to safeguard and promote child welfare. Organisations handling child abuse reports must have proper safeguarding policies and procedures in place.
Extends safeguarding duties to vulnerable adults. Covers adult victims of trafficking, abuse, or those with care and support needs who are at risk of harm.
Mandates reporting of FGM in under-18s by professionals. Failure to report when legally required carries penalties up to 7 years imprisonment.
Requires notification to the Home Office or police for suspected trafficking cases. Creates duty to report suspected modern slavery offences.
Mandates DBS checks for individuals in regulated activities involving children or vulnerable adults. Staff handling abuse reports require vetting.
Must disclose hosting locations, third-party processors, and data flows. Failure to document processing activities risks ICO enforcement.
Mandatory for high-risk processing like sensitive criminal data. Must assess and mitigate privacy risks.
Requires safeguards for data transfers outside UK/EEA. Critical if using US hosting or platforms like Typeform.
Maximum ICO fines for GDPR breaches involving sensitive data
Legal requirement under Working Together to Safeguard Children (2023). Must be appropriately trained and have clear authority to make safeguarding decisions.
All personnel handling sensitive disclosures must undergo appropriate checks and training as required by the Safeguarding Vulnerable Groups Act 2006.
Established the neighbour principle - duty to avoid acts likely to injure those you can reasonably foresee would be affected.
Three-stage test: foreseeability, proximity, and whether it's fair and reasonable to impose a duty.
Local authorities owe duty of care to children in their area. Failure to investigate suspected abuse can result in liability.