Childcare posted ds biting to all parents

[Nov191919]

Hi

My sons going through a tricky time, not sleeping etc and v cranky as a result. He's 3 1/2 and yesterday bit another kid at childcare. The childcare posted the incident report to the general group with my sons name.

Any advice about what to do here?

@CelesteCunningham You don't get it do you?

This is a serious breach. It should never happen. It is more serious than the NHS worker because personal data has been issued to numerous people.

Breaches of this nature happen day in day out due to human nature. No it doesn't. Anyway there is no point me arguing further.

GDPR doesn’t work like that - processes and procedures should be put in place to prevent data breaches and if they do happen they have to be reported. A ‘sorry guys’ and a ‘remember not to do that’ isn’t sufficient. There also doesn’t need to be an assault.

Then please seek training and support urgently around issues of safeguarding, especially as regards confidentiality, as you seem to believe it is safe and appropriate to share details related to specific children in your care with members of the general public not employed by or in your organisation. (As you think it was fine to share details of OP's son with all other parents without her consent).

OP, because of some of the random stuff that has been chucked in here (and I am sure you will be grateful all your days for the advice "tell your son not to bite" - if only you could have thought of it yourself, instead of sharpening his teeth and giving him a reward chart with stickers every time he draws blood, which is what i suspect you do....)

Sorry, my gallows humour. I am sure you are addressing his biting, and please be reassured, it's not an uncommon phase - I had friends whose kids went through it and, like everything, it does pass.

This is not a thread about biting, it's a thread about data breech. Can you tell us exactly how much identifying detail was shared, so we can help you maybe work out how best to respond and how far to take it.

For me, I would always want if possible to accept human error, so if no harm done and the nursery generally seems like a safe place from my child, I would potentially be willing to just tell them how I felt and seek reassurance it wouldn't happen again, and no further action.

But it does depend I think exactly what details were shared, and how, and why? (Was it an accident, definitely?)

Oh wow. Pretty sure they're not allowed to do that. As someone else mentioned, the whole GDPR thing. That's really, really unprofessional of them. I would be fuming.
Probably to the point that I would remove him from nursery (but I know that's not as simple as it sounds :/).

As per usual, everyone on Mumsnet turns into a dick and gives you a hard time!

At the end of the day, he is 3! Sometimes it happens. Yes, the other parent(s) would be angry about this, but the nursery absolutely should not have posted this.

Just read another post. It is absolutely true that the nursery don't give out names of the biter.

It happened to my Daughter. My partner was furious but the nursery would not give him a name. They're not allowed to.

It's a breach of confidentiality. Even worse if it contains his full name. First name still isn't ideal as there could be more than one.
I'd have a word with the nursery, to ensure it doesn't happen again. Chances are it was a mistake.

Also people judging and saying biting at 3 and a half is unacceptable, you don't know any circumstances of OP child to be making those comments.

Bloody hell this thread!

First it's very telling that your main concern is not seeking advice on here on the biting and how to prevent going forward, but that you've come to seek advice on how to punish the nursery for saying who did the biting. All that needs saying is to please remove the name and ensure it doesn't happen again.

Second, this is not a "major GDPR breach" as some dopey posters are saying and even worse the ones saying to call the police. Honestly "GDPR" is one of the most over used phrases on this website. People don't have a clue and just parrot it as they think (erroneously) it makes them sound smart.

It’s precisely because of ‘furious’ parents that they don’t, @buma

You may feel GDPR is over used on MN @ouch321 but unfortunately this is one of those occasions where there absolutely has been a breach and it needs to be reported, both by the parent and the nursery, regardless of how irritating that might be to you.
(Oh - and I do have a clue actually).

Completely inappropriate and clear breach of GDPR. I would be extremely pissed off and pursue this.

This, I'm confused, on one hand to the bitten child's parents it's 'for goodness sake, it's just a bite, everyone bites/gets bitten, it's nothing, get over it'
To the biter's parents.. 'CALL THE POLICE!! GDPR BREACH!!! people will know your child bites! Call the police!!

Wow, wonderful advice. I'm sure she hadn't thought of telling her 3 year old not to bite 🙄

Couple of things:

• Biting is, unfortunately, normal behaviour in some children when they are developing. Obviously, parents and nursery workers need to work to address it, but the child will grow out of it.
• Secondly, this is a data breach. It may not be reportable but the nursery should still apologise and explain what they are doing to prevent this happening again.

Useful info here: https://ico.org.uk/for-organisations/law-enforcement/guide-to-le-processing/personal-data-breaches/

Well there is a middle ground though. I obviously wouldn’t call the police but I would have been upset as DS being ‘named and shamed’ to be honest. I found his biting stage really upsetting as a parent. I’ve much preferred it when he’s been bitten!

It is a breach but not a major one. Certainly not a case for the police or anywhere near as serious as an NHS worker looking up medical records on purpose.

The biting and gdpr issue are different things. They absolutely should not have released his name. Of course you should complain, they need to review their processes.

The biting, it happens, you're dealing with it. People on here are so dramatic sometimes.

I don’t know @CelesteCunningham . It could be to be honest - I have to admit I wouldn’t be at all impressed if I was confronted by a ‘furious’ father at drop off or pick up (or even at home which is just possible) and I’m very mild mannered about human error as a rule. I obviously wouldn’t report it to the police but it would just possibly be enough to make me lose confidence in the setting.

Fully agree it shouldn't have happened and it will need to be dealt with. But it is just one of those things unfortunately.

It's possible to be annoyed about a childcare setting unlawfully sharing information about a child, and to be working to correct unpleasant behaviour.

That’s a GDPR breach I would report it

Can you point to where I said it was?

I was responding to the thread in general, I know it wasn't you who suggested the police or likened it to much more serious cases.

So much of the advice on here is actively unhelpful to OP, who presumably needed to leave her DC with the nursery this morning.

They shouldn’t name your child, this will send other parents on a witch hunt. We had a similar thing at DC nursery and turns out it wasnt that child after all.

OK - thanks for clarifying. It’s just that you quoted me specifically so it looked like you were linking me to the suggestion that the police be called or that it was as serious as an NHS staff member looking at patient records.

Well, I mean, you did post repeatedly about GDPR but not once to counter the more extreme suggestions on the thread including those by @sashh so I think it's fair to say you were advocating responses along official channels rather than a more measured approach.

No, don’t put words in my mouth - I don’t have to counter or support anything posted by anyone else on this thread. That’s not the way MN works.

It is a breach of course. Perhaps you weren’t aware of that either.