Children cannot consent, cannot understand risks, and cannot undo data exposures later. Their records are long-lived, sensitive and uniquely impactful. This means systems handling children’s data must meet a higher standard than those built for adults.

Here in Australia, centres and vendors must comply with the Privacy Act 1988, including the Australian Privacy Principles (APPs). It requires that information must only be collected for reasonably necessary purposes, it must only be used and disclosed for that purpose, and reasonable steps must be taken to protect personal information.

For many centres, the vendor is a third-party “processor”, but legal responsibility is shared. Educators must handle data appropriately, and vendors must secure it appropriately. Neither can contract out of these obligations.

Parents worry about:

• where photos and documents are stored

• who has access

• how long data is kept

• whether data is truly deleted

• whether their child appears in other children’s portfolios

• how breaches are handled.

These concerns are not suspicion. They’re basic, responsible questions about their child’s safety.

Yes, for operational and legal purposes such as incident reports, attendance, and health alerts. But parents can decline or refine:

• photos

• visibility settings

• sharing with other families

• marketing or promotional use

• internal training use.

Immediate, honest communication. Parents expect to know what happened, what data was accessed, who is affected, how risk is being reduced, what steps will prevent recurrence.

Under the Notifiable Data Breaches (NDB) scheme, families must be notified when there’s a likely risk of serious harm. Images of children almost always meet that threshold.

Safer Footprint is only just getting started. For now, head to the contact page to get in touch, and we’ll respond to your query within 2 days.