2f5de000
Jan 5, 2026

CPOMS and Safeguarding Databases

Part 4 - English Schools Have Become Surveillance Institutions

CPOMS (Child Protection Online Management System) is viewed by over 20,000 schools across the UK and approximately 16,5000 globally. The system serves a legitimate and important purpose, recording safeguarding concerns about children to ensure vulnerable children don't slip through the cracks. When properly used, it helps schools identify patterns, coordinate responses, and maintain proper records of serious welfare records.

The problem isn't that safeguarding records exist - it's how comprehensively, subjectively, and permanently these digital systems capture children's lives.

CPOMS allows school staff including: teachers, teaching assistants, lunchtime supervisors, and administrative staff - to log concerns about children. The system is designed to capture everything staff notice or worry about:

  • Physical injuries, bruises, or marks
  • Behavioural changes ("seemed quieter than usual today")
  • Parental interactions and concerns
  • Peer relationship issues
  • Subjective observations ("appeared anxious," "looked tired")
  • Overheard conversations
  • Comments from other children
  • Academic struggles potentially linked to home circumstances
  • Attendance patterns
  • Any interaction that might indicate a welfare concern

The threshold for logging information is deliberately low. Training encourages staff to "record everything just in case" and "if in doubt, write it down." The guiding principle is that it's better to over-record than to miss something important.

This creates an extraordinarily detailed chronicle of a child's school life, with particular focus on moments of vulnerability, difficulty, or concern.

A teachers gut feeling becomes a permanent record. "Emma seemed upset after break, possible friendship issue?" becomes a timestamped entry in a database. The teacher maybe entirely wrong. Emma might have been thinking about a book she was reading, or feeling unwell, or simply having a quiet moment. But the speculation is now documented.

These entries are rarely revisited or removed even when they turn out to be unfounded. A concern logged in Year 2 about a child who "seemed withdrawn" following a playground incident remains in their record through year 6, even if the incident was trivial and the child was fine.

CPOMS policies acknowledge this issue but struggle to address it. One school's CPOMS policy states that records should be "defensible" and asks: "Is it clear what happened, what was done about it and why?" But subjective observations ("seemed anxious") are inherently difficult to defend.

Limited Parental Access

Parents often don't know what's recorded about their child in CPOMS. Schools are not required to proactively inform parents of every entry, particularly for "low-level concerns" that don't trigger formal safeguarding procedures.

To see CPOMS records, parents must submit a Subject Access Request (SAR) under GDPR, a formal, often intimidating process that many parents don't know exists. Even when SAR's are submitted, schools can withhold information if they deem disclosure would adversely affect safeguarding efforts.

This creates a power imbalance: schools accumulate detailed records about children and families, but families have limited visibility into what's being recorded or how it's being interpreted.

Information can be corrected under GDPR only if it's factually wrong. If a teacher wrote "child had a bruise on their arm," that's a fact that cannot be changed even if the explanation (fell off bike) is entirely innocent. Subjective interpretations ("parent seemed defensive when asked about the bruise") are even harder to challenge.

Retention and Transfer

Safeguarding records, including CPOMS entries, must be retained until a child's 26th birthday under current guidance. This means a concern logged when a child was five years old will be kept for 21 years.

When children change schools, CPOMS records transfer with them. The new school receives the entire chronology, (every logged concern, every note, every subjective observation) creating a narrative that may shape how staff perceive and interact with the child before they've even met them.

A child who had a difficult period in Year 3, perhaps related to family stress, friendship issues, or developmental challenges, carries that record through secondary school and beyond, even if they've long since moved past those difficulties.

Security and Data Breaches

CPOMS is a cloud based system. All data is stored on external servers managed by the company. According to government privacy notices, "CPOMS is an online system, used by over 16,500 schools across the globe" to record safeguarding information including sensitive details about abuse, neglect, disabilities, and family circumstances.

Multiple staff members have access to CPOMS - not just designated safeguarding leads, but potentially teachers, teaching assistants, administrative staff, and others depending on permission settings. One school policy notes that "all staff should have their own login for CPOMS: this includes LTS [lunchtime supervisors], Cleaning Staff and Administrative Staff."

The more people with access, the greater the risk of data breaches, inappropriate access, or information being shared beyond its intended purpose. Schools using CPOMS have experienced data breaches, with confidential safeguarding information exposed.

Additionally, CPOMS staff potentially have access to all client schools' data for system administration and support purposes, though this should be strictly controlled and audited.

Function Creep

CPOMS was originally designed for serious safeguarding concerns - child protection cases involving abuse, neglect, or significant harm. Its use has expanded dramatically over time.

Schools now use CPOMS to record:

  • Minor behavioural incidents
  • Friendship disputes
  • Academic concerns
  • Attendance issues
  • "Low-level concerns" about staff-pupil interactions
  • Pastoral welfare notes
  • Wellbeing observations
  • Essentially anything staff think might be worth documenting

This expansion is encouraged by the system's design and by safeguarding culture that emphasises "better safe than sorry." CPOMS marketing materials promote the system's ability to track "child protection, safeguarding and a whole range of pastoral and welfare issues"

The result is that children who have never been at risk of abuse or neglect nonetheless have extensive CPOMS files documenting their childhood struggles, mistakes, and difficulties.

CPOMS doesn't exist in isolation. It's part of a broader infrastructure of multi-agency information sharing designed to protect vulnerable children.

Multi-Agency Safeguarding Hubs (MASH)

Many local authorities operate Multi-Agency Safeguarding Hubs. These are centralised systems where information from schools, social services, police, health services, probation, and other agencies are pooled and analysed.

According to a 2014 Department of Education report on MASH implementation, these hubs enable "the sharing of information between services so risks to children can be identified at an early stage." Partner agencies include:

  • Children's social care
  • Police (including domestic violence advisors)
  • Health services (hospitals, GP's, mental health services)
  • Education (schools, early years settings)
  • Probation services
  • Youth offending teams
  • Housing services

When a safeguarding concern is raised about a child, MASH partners share information from their respective systems to build a comprehensive picture. A teachers concern logged in CPOMS might trigger a MASH referral, which then pulls in:

  • Police intelligence about the family (domestic violence reports, arrests, convictions)
  • Health records (missed appointments, A&E visits, mental health referrals)
  • Social services history (previous involvement, assessments, support plans)
  • School data (attendance, exclusions, behavioural incidents)
  • Housing information (evictions, homelessness, overcrowding)

This information sharing can be life-saving. Children have died because agencies didn't share critical information and warning signs were missed in isolated silos. Multi-agency working, when done well, connects the dots and enables timely intervention.

But it also creates comprehensive surveillance of vulnerable families.

The Privacy Concerns

Information flows between agencies with varying purposes. Police intelligence gathered for criminal investigation gets shared with schools and health services. Health information disclosed in confidence to a GP gets shared with social workers and teachers. School observations about a child's behaviour get shared with police.

Each agency collected the information for its own specific purpose, often with specific legal protections. But once it flows into MASH, it becomes part of a shared dataset used for a different purpose: safeguarding assessment.

Not all information is safeguarding relevant. Police might share that a parent was arrested for drug possession ten years ago, long before the child was born. Health services might note that a father has depression. Schools might report that a child is frequently late.

None of these facts, in isolation, indicate child abuse. But aggregated in a MASH system, they create a profile of a "high-risk family" that shapes how agencies interact with them.

Consent is often bypassed. The Data Protection Act 2018 allows information sharing for safeguarding purposes without consent "where in the circumstances consent cannot be given, it cannot be reasonably expected that a practitioner obtains consent or if to gain consent would place a child at risk."

This is necessary in cases of serious abuse where informing parents could put a child in danger. But the safeguarding exemption is interpreted broadly, allowing information sharing without consent in situations where seeking consent would actually be straightforward and appropriate.

According to UK government guidance on multi-agency working, "practitioners should be aware of powers to share information without consent" under safeguarding provisions. While the guidance notes that practitioners "should be aware of the duty of confidence," the practical reality is that safeguarding concerns can justify information sharing in a wide range of circumstances.

Parents may not know what's being shared. Multi-agency systems operate largely behind the scenes. A parent whose child is discussed at a MASH meeting may not be informed until a decision has been made about next steps. They won't know which agencies contributed information or what was said about their family.

One MASH service's documentation notes: "Do I need to obtain consent before making a referral to MASH? Each borough will be asked to endeavour to obtain consent where this appropriate and/or possible. However, where there is a concern that a child's safety or welfare is at risk this is not always the case."

Can families consent inaccurate information? In theory, yes - through complaints procedures and data protection rights. In practice, it's extremely difficult. Information shared through MASH is often intelligence or professional judgement rather than verified fact. A police officer's note that a parent "appeared intoxicated" during a home visit is subjective. A teacher's observation that a child "seemed fearful" is interpretive. These assessments are hard to challenge even if they're wrong.

Proportionality questions persist. Is sharing justified in every case? The stated goal of MASH systems is to prevent children "falling through cracks" by ensuring all relevant information is available to decision-makers. But comprehensive information sharing about families creates a form of surveillance that may be disproportionate to the actual risk in many cases.

The UK's multi-agency safeguarding infrastructure reflects a fundamental tension: the need to protect vulnerable children versus the privacy rights of families. Getting this balance right is extraordinarily difficult, and the current system arguably errs too far toward surveillance, particularly for families already disadvantaged by poverty, mental health issues, or involvement with police.

Sources: