Policy

Provider

Changes

Legislation

General News

NSW Digital Hub puts children’s data security back in the spotlight for ECEC services

Fiona Alston

Jan 15, 2026

Save

A New South Wales Government digital portal designed to streamline funding and reporting for early childhood education and care (ECEC) services has prompted fresh concerns about how children’s personal information is stored, accessed and protected.

The ABC reported that community and mobile preschools are the first services being onboarded, with a broader rollout expected to reach 6,000 preschools and long day care services across the state.

The New South Wales Department of Education describes the Digital Hub as a centralised system for collecting data, reporting and administering program funding. The department says it will eventually become the primary platform for interactions between services and the department, and will replace the existing Early Childhood Contract Management System over time.

The department positions the change as a reduction in duplication and manual reporting, with service data flowing electronically from systems such as child care management software and the National Quality Agenda IT System.

A department data guide for the ECEC Digital Hub states that transfers from CCMS systems occur weekly, and outlines categories including child information (such as name, date of birth and address), enrolment details, attendance information (including log in and log out times), service information and fee details.

While much of this information already sits inside service software systems, centralising it into a state-run platform changes the scale of aggregation and raises new questions about access controls, oversight and data minimisation.

The ABC report included concerns from Nimbin Community Preschool staff about who can access children’s data once it sits within, and moves through, private software systems supporting the government portal.

A key sticking point raised by the preschool was the absence of a requirement for CCMS company employees to hold Working With Children Checks, despite the sensitivity of the information involved.

The report also highlighted the administrative reality for small community providers: while use of a particular CCMS may not be mandated, services described the compliance and reporting environment as increasingly difficult to manage without a digital platform, particularly with limited staffing capacity.

University of Melbourne privacy researcher Dr Niels Wouters, who said he could still access a service’s platform months after his child left, and later discovered his child’s birth certificate was accessible via a public URL. Dr Wouters said he notified the service and software company, but the data remained accessible via that link at the time of reporting.

The report also quoted software developer Phillip Hamilton, who argued that the risk profile is similar to other password-protected online services, while noting that development stages can be a particularly vulnerable point because developers may access production data unless strong safeguards exist.

Regardless of whether data sits in paper files, a CCMS, or a government portal, approved providers must treat children’s information as sensitive and confidential.

National Regulations include requirements around confidentiality of records kept by approved providers (regulation 181) and the safe and secure storage of records and documents (regulation 183).

These requirements sit alongside broader governance expectations in Quality Area 7, where effective systems support risk management and protect children’s wellbeing, including through secure record-keeping and information handling practices.

This issue is not only about cybersecurity. It also goes to consent, transparency and trust.

Actions that can strengthen digital governance immediately include:

Map what personal information is held, where it sits, and who can access it across CCMS platforms, linked portals and internal devices.
Review contracts and policies with software vendors to clarify access permissions, audit trails, breach notification processes, and data retention and deletion pathways.
Tighten access controls inside the service, role-based permissions, least-privilege access, removal of accounts when staff exit, and multi-factor authentication where available.
Update family communication and consent processes so privacy notices clearly explain what information is collected, where it is stored, and who it may be shared with through connected systems.
Refresh incident response planning, including clear internal escalation pathways and decision-making about when to notify families and regulators.

Where a service falls under the Privacy Act 1988, the Notifiable Data Breaches scheme may also apply. The Office of the Australian Information Commissioner states that entities covered by the Privacy Act must notify affected individuals and the OAIC when a data breach is likely to result in serious harm.

The Federal Department of Education has also warned that data breaches can create serious risks for families and service providers, including identity theft and fraud, reinforcing the need for preventative controls.

The New South Wales Department of Education states that digital data storage in ECEC is not new, that centres can opt out of the service, and that CCMS companies are subject to federal and state privacy laws.

For the sector, the key question is not whether digital systems belong in ECEC, but whether governance, procurement and accountability arrangements have kept pace with the sensitivity of the information being handled at scale.

References

NSW Department of Education, The Digital Hub
Office of the Australian Information Commissioner, About the Notifiable Data Breaches scheme and Part 4: Notifiable Data Breach (NDB) scheme.
Australian Government Department of Education, Privacy and Child Care Subsidy.

Don’t miss a thing

Register now for mandatory national child safety training: new communication toolkit released

A new communication toolkit has been released to support early childhood education and care (ECEC) providers, regulators and sector stakeholders to prepare for the introduction of mandatory national child safety training.

Kids on Collins celebrates 30 years with new scholarship supporting non-subsidy families

One of Melbourne CBD’s longest-running early childhood education and care services has marked its 30-year milestone by launching a new scholarship initiative aimed at improving access for families not eligible for the Child Care Subsidy (CCS).

Advertising in ECEC: Reminder on inducements and misleading claims

Approved providers, service operators and marketing teams are being reminded of their obligations under the Education and Care Services National Law when advertising or promoting early childhood education and care (ECEC) services.

Higher interest rates: what the RBA’s 2026 outlook could mean for the ECEC sector

Persistent inflation, cautious monetary policy and a ‘higher for longer’ interest rate environment could shape financial realities for ECEC providers, educators, families and landlords well into 2026.

New National Register to strengthen oversight of early childhood education workforce

A new National Early Childhood Worker Register is being introduced to enhance regulatory visibility of the early childhood education and care (ECEC) workforce across Australia.

Register now for mandatory national child safety training: new communication toolkit released

Kids on Collins celebrates 30 years with new scholarship supporting non-subsidy families

Advertising in ECEC: Reminder on inducements and misleading claims

Higher interest rates: what the RBA’s 2026 outlook could mean for the ECEC sector

New National Register to strengthen oversight of early childhood education workforce

A new National Early Childhood Worker Register is being introduced to enhance regulatory visibility of the early childhood education and care (ECEC) workforce across Australia.

Don’t miss a thing

Register now for mandatory national child safety training: new communication toolkit released

Register now for mandatory national child safety training: new communication toolkit released

Fiona Alston

Feb 06, 2026

Kids on Collins celebrates 30 years with new scholarship supporting non-subsidy families

Provider

Affordability & Accessibility

Quality

Kids on Collins celebrates 30 years with new scholarship supporting non-subsidy families

Fiona Alston

Feb 06, 2026

Advertising in ECEC: Reminder on inducements and misleading claims

Provider

Affordability & Accessibility

Compliance

Legislation

Advertising in ECEC: Reminder on inducements and misleading claims

Fiona Alston

Feb 05, 2026

Higher interest rates: what the RBA’s 2026 outlook could mean for the ECEC sector

Provider

Affordability & Accessibility

Workforce

Economics

Higher interest rates: what the RBA’s 2026 outlook could mean for the ECEC sector

New National Register to strengthen oversight of early childhood education workforce

Mayfield launches ‘Mayfield 360’ to integrate allied health into early learning network

Jill Cameron recognised with Medal of the Order of Australia

Equity is a “Fair Go”: Why 100 Hours of Early Learning Matters for Our Children

Mary MacKillop releases 2024–25 Impact Report; transforming lives at home and abroad

Fiona Alston

Feb 03, 2026

NSW Digital Hub puts children’s data security back in the spotlight for ECEC services

A New South Wales Government digital portal designed to streamline funding and reporting for early childhood education and care (ECEC) services has prompted fresh concerns about how children’s personal information is stored, accessed and protected.

Don’t miss a thing

Related topics

Related Articles

Register now for mandatory national child safety training: new communication toolkit released

Kids on Collins celebrates 30 years with new scholarship supporting non-subsidy families

Advertising in ECEC: Reminder on inducements and misleading claims

Higher interest rates: what the RBA’s 2026 outlook could mean for the ECEC sector

New National Register to strengthen oversight of early childhood education workforce

Related Articles

Register now for mandatory national child safety training: new communication toolkit released

Kids on Collins celebrates 30 years with new scholarship supporting non-subsidy families

Advertising in ECEC: Reminder on inducements and misleading claims

Higher interest rates: what the RBA’s 2026 outlook could mean for the ECEC sector

New National Register to strengthen oversight of early childhood education workforce

Don’t miss a thing

Related Articles

Register now for mandatory national child safety training: new communication toolkit released

Kids on Collins celebrates 30 years with new scholarship supporting non-subsidy families

Advertising in ECEC: Reminder on inducements and misleading claims

Higher interest rates: what the RBA’s 2026 outlook could mean for the ECEC sector

New National Register to strengthen oversight of early childhood education workforce

Mayfield launches ‘Mayfield 360’ to integrate allied health into early learning network

Jill Cameron recognised with Medal of the Order of Australia

Equity is a “Fair Go”: Why 100 Hours of Early Learning Matters for Our Children

Mary MacKillop releases 2024–25 Impact Report; transforming lives at home and abroad

Keep Exploring