Expanding the Definition of Safeguarding to include Children’s Data Protection
By Paul Singh
The modern classroom is increasingly digital, with online learning platforms, student databases, and remote collaboration tools now integral to education. But while technology opens doors to knowledge, it also exposes young learners to online risks. As Founder and CEO of Equal Education, an organisation that supports children in navigating educational challenges and overcoming barriers to learning, I believe that we can in many ways create social change and impact through technological innovation. Sometimes this means rethinking how we work, and embracing new tools and technologies that can help us go further.
Solving Complex Problems
My own background as a research engineer looking into the thermodynamics and computational fluid dynamics of complex materials, or as the marketing team would call it, simply ‘ice cream,’ has taught me to see innovation as more than efficiency. It’s about solving complex problems in ways that really matter, and that belief continues to shape how we approach our work at Equal Education today.
One area that I think deserves much more attention is expanding the definition of safeguarding to include children’s data protection. Traditionally, safeguarding in education has meant keeping children safe from harm in the classroom or at home. But in today’s world, we need to take a much broader view. Malicious actors are targeting organisations of every size, and sadly that includes those working with children. This means we have an end-to-end responsibility to protect not just young people, but also protect their data and experiences online.
We’ve all seen the headlines of the increasing number of cyber attacks happening on UK businesses and organisations. Household names like Co-op, Marks & Spencer, and Jaguar Land Rover have been hit by cyberattacks. More shockingly, a chain of nurseries were recently targeted, with photos and profiles of young children shared on the dark web. It’s a chilling reminder that no organisation is “too small or too large” to be attacked and why every organisation has a duty to run best practice cyber security. While most of us question why a nursery would be targeted, it is important to note that any organisation is fair game to cyber criminals. The responsibility and the onus lies on us to run best in-class cyber security to deter these opportunists, who have openly admitted their only motivation is the extortion of ransom money.
Understanding The Risks
Schools store a wealth of sensitive pupil information: contact details, health records, academic data, and sometimes financial information. This makes them a prime target for cybercriminals.
Data breaches and stolen credentials in schools: 30% of incidents were reportedly caused by stolen login details, underscoring the need for stronger digital safeguards underscoring the need for stronger digital safeguards.
Attack vectors: Phishing emails, ransomware, and malware can compromise school systems, disrupt learning, and expose personal data.
Despite the implementation of the Children's Code, 71% of parents remain unaware of its existence, underscoring the necessity for enhanced public awareness and education on children's data protection laws. What’s striking is how fast and precise these attacks are, and how damaging they can be, which raises the question: what more can we do internally to deter cyber attacks?
Impact on Children
For me, this isn’t abstract. When we at Equal Education provide devices to young people for remote learning, we have to think carefully about how to keep them safe. I often tell colleagues that giving a child an iPad without safeguards is like opening Pandora’s box and protecting them means protecting the technology and data that supports them.
At Equal Education, safeguarding goes beyond the classroom. We work with children navigating trauma, SEND, or care experience and that have highly sensitive personal information: medical history, care plans, education needs, and social work details. Protecting children today also means protecting the systems and data that support them. That’s why we’ve put strong controls in place that prioritise child safety.
One way we do this is by using modern approaches like Zero Trust. Unlike traditional virtual private networks, which assume that anyone inside the network can be trusted, Zero Trust works on the opposite principle: no one is trusted by default, whether inside or outside. In practice, this means that only company-owned devices can access our systems, and those devices must meet strict requirements running approved operating systems, being device-managed, not reported missing or stolen, and locked with a passcode. The system even checks continuously, using location data where needed, to make sure access is only granted in the right circumstances.
Protecting Personal Data Is Part of Safeguarding
For us, this isn’t just about technology. It’s about creating a secure foundation to ensure we are protecting our most vulnerable children. One of the latest threats we’re seeing is cybercriminals targeting employees directly, attempting to blackmail them into handing over their login details. This is concerning, as it could allow attackers to override networks. However, because of the systems we use at Equal Education, even if an employee were compromised, we have an additional layer of protection, ensuring access cannot be gained through non-approved devices.
The truth is that any system is only as strong as its weakest point. That’s why safeguarding must be seen in the widest possible sense. It’s not only about protecting children in the classroom, it’s about protecting their data, their privacy, and ultimately, their futures.
CEO and Founder, Paul Singh
