KCSiE 2026: Online search requirements for schools softened
The online check requirement in the latest Keeping Children Safe in Education guidance (KCSiE 2026) has been watered down or clarified, depending on your perspective.
We expected the Department for Education (DfE) to clarify that online searches should include a check of public-facing social media accounts. Instead, a small tweak has, perhaps, moved us in the other direction.
We have set out in other articles our position on the importance of getting this requirement right and including social media checks, so we will not repeat it here. Instead, as with all the other articles on the KCSiE 2026 changes, let's focus on what you need to do now.
What does the updated paragraph 299 say?
Paragraph 299 reads: "…As part of the shortlisting process, schools and colleges should consider carrying out a search (via an online search engine) as part of their due diligence on the shortlisted candidates."
Under the 2025 guidance, schools were under a duty to consider carrying out this check via an "online search" rather than "(via an online search engine)."
Why is this a significant change?
For those of you who carry out these checks by starting with a search engine, nothing has really changed. However, many schools and trusts use dedicated platforms to conduct thorough searches of an individual's publicly available online activity, providing a far wider review of content.
These platforms are not an "online search engine", so the question is: can schools and trusts still lawfully use them now that the guidance specifies use of an online search engine?
In short, yes, they can. From a data protection perspective, schools and trusts using a platform to carry out more thorough searches can rely on Legitimate Interest as their lawful basis of processing and must carry out a Legitimate Interest Assessment (LIA) to justify that decision.
What is a Legitimate Interest Assessment and who is responsible?
An LIA is a documented risk assessment that demonstrates your compliance under UK GDPR when processing personal data. It helps ensure that your data processing is lawful and will not cause unjustified harm to individuals' fundamental privacy rights.
Designated Safeguarding Leads (DSLs) and/or recruitment leads should liaise with their Data Protection Officer (DPO) to ensure the LIA is completed correctly and in detail. It is not a complicated task, but getting it right is important for compliance with data protection laws.
If you need support with your LIA, please get in touch with us.
Contact
Dai Durbridge
Partner
dai.durbridge@brownejacobson.com
+44 (0)330 045 2105
Claire Archibald
Legal Director
claire.archibald@brownejacobson.com
+44 (0)330 045 1165