Briefing body
What happened
On 7 January 2026, ABC News reported growing concern about the New South Wales Department of Education’s Digital Hub rollout for early learning providers.
The story described a system that centralises service information from third-party child care management software, with more than 60 fields of data transferred weekly per child. It also highlighted two concerns operators should not ignore: the exposure created by third-party access and the possibility of poor retention or access controls, including one example where a child’s information remained reachable through a public URL.
Why it matters for operators
This story is bigger than one state platform.
It is a reminder that childcare data risk often sits in the edges of the stack rather than in the obvious places. Operators usually focus on centre staff access, but the real exposure can sit with software vendors, implementation teams, inherited permissions, weak deletion processes, or badly governed URLs.
The governance question is not just whether a system is officially required or whether a vendor says it is secure. It is whether the operator can explain who can access what, for what purpose, for how long, and under what controls.
Operational impact
First, third-party data flow needs to be mapped properly. If enrolment data, consent records, attendance data, and identity documents move through multiple platforms, the provider should know the path and the control points.
Second, retention and deletion practices matter more than many centres realise. Even where the law does not give a simple deletion right, providers should still know what happens to records when a child leaves, when a family withdraws, or when a vendor relationship ends.
Third, supplier assurance is now a live governance issue. If a provider relies on a software company to handle sensitive child information, that provider should know how access is granted, logged, reviewed, and removed.
What to review now
- Document every third-party platform that stores or transfers child and family data.
- Review who at each vendor can access production data and how that access is approved.
- Check whether old records, attachments, and URLs remain reachable after a child leaves the service.
- Confirm retention, deletion, and breach-notification obligations in vendor contracts.
- Test whether your privacy notices actually match the way data moves in practice.
Lunero perspective
Operators should treat child data governance as an infrastructure issue, not a policy page issue.
The more fragmented the software environment becomes, the more important it is to minimise data spread, keep purpose tight, and maintain a defensible audit trail of access and export activity. This is especially important where a platform handles sensitive documents, images, attendance histories, or identifiers that can follow a child for years.
For providers evaluating new safety technology, this story also reinforces a simple principle: not every useful system needs to centralise or permanently retain more personal data than the use case requires.