Child Protection, Incident Management & Regulatory Compliance
NAS Jiaxing | Updated: 2026-06-19
A Safeguarding Lead used a cloud AI tool to summarize a complex child protection case. The document contained:
Result: Highly sensitive child protection data processed on US servers. Criminal breach of safeguarding obligations. Potential regulatory action.
| Task | What Gets Leaked | Risk Level |
|---|---|---|
| Summarizing child protection reports | Child's identity, abuse details, family history | CRITICAL |
| Drafting referral letters | Medical details, social services info, police data | CRITICAL |
| Analyzing patterns | Multiple children's data, statistical trends | CRITICAL |
| Training materials | Case studies with real details | HIGH |
| Chronologies | Timeline of events with names and dates | CRITICAL |
Current (Dangerous): Upload full CP report to cloud AI
Local AI Method: Use anonymized case numbers and generic descriptions
Current (Dangerous): Use cloud AI to draft referral letters with full details
Local AI Method: Generate template, then add specific details manually
Current (Risky): Use real case studies in cloud AI
Local AI Method: Generate fictional scenarios with no real data
Current (Risky): Upload timeline to cloud AI for formatting
Local AI Method: Use anonymized event codes
| Task | Cloud Tool (Risky) | Local Alternative (Safe) |
|---|---|---|
| Document drafting | ChatGPT, Claude, Gemini | Ollama + Qwen/Llama (self-hosted) |
| Case management | Google Docs, Notion | Nextcloud (self-hosted) + encryption |
| Communication | Email, WhatsApp, WeChat | Secure internal messaging (Matrix/Rocket.Chat) |
| File storage | Google Drive, OneDrive | Encrypted local NAS + Tailscale |
| Audit logging | Third-party services | Local audit system with tamper-proof logs |
We have already built and deployed these tools:
All data stays on school premises. Full audit logs. Zero cloud exposure.