Australian ECEC Directors & Providers - Children's Data Privacy Audit

Every ECEC service in Australia collects data about children. Enrolment forms. Developmental records. Medication. Incidents. Daily observations. Photos. More and more of it held not by the service itself, but by third-party platforms they chose, set up, and handed the keys to. Most directors have no idea what happens to that data after it leaves their system. That's not a criticism. It's a structural problem. The platforms are complex, the privacy policies are written for lawyers, and nobody in the sector has sat down and actually measured what these tools do against what Australian law requires. Guarding Little Footprints is a research project auditing the data privacy and security practices of the platforms used in Australian early childhood education and care. Each platform gets assessed against the Australian Privacy Principles, the NIST Cybersecurity Framework, and OWASP application security standards, using only publicly available information. The goal isn't to name and shame. It's to give the sector (directors, approved providers, peak bodies, and regulators) an evidence base they don't currently have. I'll be sharing findings here as the research progresses. If you work in ECEC, advise services, or care about children's data rights, I want to hear from you. Which platforms are you using? What questions do you wish someone would answer? Drop them in the comments. Your experience shapes where this research goes.