NSW Preschools Transition to Digital Data Management Amid Privacy Concerns
The New South Wales government has implemented new regulations requiring early learning institutions to upload children's personal data to a digital hub. This initiative, which began with community and mobile preschools, aims to reduce administrative burdens and streamline data collection for the NSW Education Department.
Digital Hub and Third-Party Systems
The Digital Hub integrates information from various third-party Child Care Management System (CCMS) programs. These platforms are used by early learning providers to store and transfer over 60 fields of data per child weekly, including enrolment details, fee information, consent forms, and attendance records. While CCMS platforms have been in use for approximately a decade, the new mandate has brought renewed focus on data security protocols.
Administrator and Parent Concerns
Preschool administrators, such as Susie Godden of Nimbin Community Preschool, have expressed concerns regarding the access to children's data. A primary point of contention is that employees of CCMS companies are not legally required to possess Working With Children Checks (WWCC), a standard requirement for individuals working directly with children. Administrators report that operating without a digital platform has become increasingly difficult due to additional regulatory requirements.
Further concerns have been raised by parents and digital privacy researchers. Dr. Niels Wouters, a privacy researcher, reported instances where his child's data, including a birth certificate, remained accessible via a public URL after the child left preschool, despite attempts to have the data removed. Australia's current Privacy Act does not mandate a right to data deletion.
Software Security Perspectives
Phillip Hamilton, a software developer formerly associated with a CCMS company, stated that the risk of unauthorized data access in CCMS platforms is comparable to any online system protected by credentials. He identified the development phase as a potentially vulnerable point, where software developers, who also are not required to hold WWCCs, have access to data. Hamilton indicated that his company utilized non-disclosure agreements for programmers and that operational software logged all access via usernames and passwords.
Official Responses
The NSW Department of Education declined an interview but provided a statement indicating that digital data storage in the sector is not new. The Department also stated that centres have the option to opt out of the service and that CCMS companies are subject to federal and state privacy laws. The Australian Children's Education and Care Quality Authority and the NSW Office of the Children's Guardian either declined to comment or referred inquiries to other government departments.