Child Safeguarding Software and Data Protection: Best Practices Guide
Introduction to Child Safeguarding Software
Child safeguarding software systems, such as CPOMS (Child Protection Online Management System), are effective tools that help schools and organisations working with children maintain organisation and ensure child safety. These platforms provide a secure and user-friendly way to record, manage and monitor child welfare, offering peace of mind and protection for all stakeholders.
What is CPOMS?
CPOMS is a leading safeguarding software used by schools and educational institutions to document and monitor child protection concerns. It allows staff to record incidents, concerns, and observations in a centralised, secure database that designated safeguarding leads can access.
Key Features of CPOMS
- Centralised recording: All safeguarding information is stored in one secure location
- Chronological records: Incidents are recorded chronologically, creating a timeline of events
- Alert system: Automatic alerts to designated staff when new information is added
- Document storage: Secure storage of relevant documents
- Restricted access: Different access levels ensure information is only available to authorised personnel
- Reporting: Generate reports for analysis and statutory requirements
Similar Safeguarding Systems
While CPOMS is widely used, there are other child safeguarding systems available:
| System | Key Features |
| MyConcern | Safeguarding software that combines all the essential safeguarding tools you need in one easy-to-use platform. |
| Eclipse | Allows you to record and manage all safeguarding and well-being concerns easily |
| CPOMS | Safeguarding and well-being solution for schools |
| Tootoot | Safeguarding software for schools that focuses on bullying and mental health to support students better. |
The Role of the Data Protection Officer (DPO)
In the context of child safeguarding software, the Data Protection Officer plays a crucial role in ensuring compliance with data protection regulations.
Core Responsibilities of a DPO
- Monitoring compliance: Ensuring the organisation adheres to data protection regulations, including GDPR, when processing sensitive safeguarding data
- Risk assessment: Conducting Data Protection Impact Assessments (DPIAs) before implementing safeguarding software
- Training and awareness: Providing training to staff on data protection principles in relation to safeguarding information
- Point of contact: Serving as the contact point for data protection authorities
- Policy development: Creating and maintaining data protection policies specific to safeguarding software use
- Data subject rights: Managing access requests from parents/guardians while balancing safeguarding needs
DPO and Safeguarding Software Implementation
When implementing safeguarding software like CPOMS, the DPO should be involved from the beginning to ensure:
- Appropriate legal basis for processing is identified and documented
- Data minimisation principles are applied
- Retention periods are established and enforced
- Security measures are adequate for the sensitive nature of the data
- Staff roles and access permissions are clearly defined
- Data sharing agreements are in place with third parties, if applicable
Balancing Safeguarding and Data Protection
One of the key challenges for educational institutions is striking a balance between sharing information for safeguarding purposes and complying with data protection requirements. Article 66 of Keeping Children Safe in Education (KSCIE) protects safeguarding and causes for concern, while child-on-child behaviour, parent conversations, and observation activities are subject to disclosure.
Key Principles to Consider
- Lawful basis: Establish and document the lawful basis for processing and safeguarding data.
- Necessity: Only collect and share information that is necessary for safeguarding purposes.
- Proportionality: Ensure the extent of information sharing is proportionate to the safeguarding concern.
- Transparency: Be open with data subjects about how their information will be used, while considering safeguarding needs.
- Security: Implement robust security measures to protect sensitive data.
- Keep to the facts: Ensure the commentary is factual and not based on personal opinion.
- Content: Write your commentary on the view that the data subject, law enforcement, and the judicial system might read it.
Information Sharing Framework
Develop a clear framework for when and how information should be shared:
- Internal information sharing
- External information sharing
- Parental/guardian access
Best Practices for Implementation
Staff Training Requirements
Comprehensive training is essential for effective and compliant use of safeguarding software:
- Initial training: All staff should receive basic training on using the system
- Role-specific training: Additional training for designated safeguarding leads and administrators
- Data protection awareness: Training on data protection principles specific to safeguarding information
- Regular refreshers: Schedule annual refresher training to keep knowledge current
- New staff induction: Include safeguarding software training in onboarding processes
Policy Development
Develop clear policies covering:
- Acceptable use of the safeguarding software
- Recording standards (what to record and how)
- Information classification and access controls
- Data retention and deletion procedures
- Breach reporting procedures
- Data subject rights requests handling
Compliance Requirements
GDPR Considerations
Key GDPR requirements when using safeguarding software:
- Legal basis: Identify appropriate legal basis (usually public task, legal obligation, or vital interests)
- Special category data: Apply additional safeguards for processing special category data
- Data Protection Impact Assessment: Complete a DPIA before implementation
- Privacy notices: Update privacy notices to include information about safeguarding data processing
- Data processor agreements: Ensure appropriate contracts are in place with software providers
- International transfers: Check if data is transferred outside the UK/EEA and ensure adequate safeguards
Sector-Specific Requirements
Consider additional requirements depending on your sector:
- Education: Keeping Children Safe in Education guidance, Ofsted requirements
- Healthcare: NHS Digital Data Security and Protection Toolkit
- Social care: Social Care Records practice guidance
- Charities: Charity Commission safeguarding requirements
Audit and Review
Regular System Audits
Implement regular audits of your safeguarding software system:
- Review user access rights and permissions
- Audit logs of system access
- Quality check records for compliance with recording standards
- Review retention implementation
- Test security controls
Policy Review Schedule
Establish a regular review schedule for all safeguarding and data protection policies:
- Annual review of all policies
- Additional reviews following significant changes in legislation or guidance
- Reviews following any safeguarding incidents or data breaches
- Stakeholder consultation as part of the review process
Conclusion
Child safeguarding software, such as CPOMS, offers valuable tools for protecting children. However, careful attention to data protection principles is essential when implementing it. The Data Protection Officer plays a crucial role in ensuring safeguarding needs are met while maintaining compliance with data protection regulations. By establishing appropriate policies, providing training, and ensuring oversight, organisations can effectively balance these requirements to create a robust safeguarding framework.