The Government’s proposed Single Unique Identifier (SUI), set out in the Children’s Wellbeing and Schools Bill, is being presented as a means of improving data sharing between key agencies such as the NHS, schools, and social services. The SUI is a number unique to each individual that can be used to identify them. Currently there are two pilot schemes underway using children’s NHS numbers as their SUI. The proposal’s stated aim is to prevent children from being lost in the very systems designed to safeguard them. While this may sound beneficial, the proposal raises two serious concerns:
- Lack of parental access to data – There are no provisions for a dedicated parental portal, meaning parents will be unable to monitor their child’s data in real time. While they will retain the right to make subject access requests, this process is cumbersome, and information can be lawfully withheld in certain circumstances.
- Weak safeguards for sensitive data – The measures outlined to protect this data are inadequate, increasing the risk of breaches or misuse.
In a House of Lords debate on 22 May 2025, the Government confirmed its intention to designate the existing NHS number as the mandatory SUI. This number would automatically link records across a wide range of services, including:
- Schools and education departments
- NHS trusts, GPs, and other health services
- Social care services
- Local authority children’s services
- Police and safeguarding teams
For example, a child known to social care could have their school attendance and health records automatically matched for safeguarding purposes. While this may aid investigations in some cases, it also centralises sensitive personal data to an unprecedented degree.
The Government has stated that one of the primary motivations for introducing the SUI is to identify children not enrolled in traditional schools. Other motivations include faster information-sharing in child protection cases. Regional trials are already underway: in Wigan, the NHS number is being integrated into children’s social care and health systems; while in Wales, a pilot scheme is cross-checking NHS data against education records to identify unenrolled children.
Digital rights groups, such as Defend Digital Me, have compared the SUI to the similar experimental ContactPoint scheme, abandoned in 2010, warning of “scope creep” and misuse beyond the original purpose. They highlight the dangers of distributing NHS numbers to a wide network of “designated persons” — including local authorities, schools, health services, and police — which could inadvertently expose vulnerable families to greater risks rather than improving their safety.
The absence of a parental portal is particularly troubling. It would allow professionals — teachers, doctors, youth workers — to record information about children without their parents’ knowledge, input, or oversight. Although existing data protection laws remain in force, they are far from foolproof. Subject access requests are slow, limited, and details can be omitted on some grounds.
Ultimately, the SUI could offer some advantages in preventing harm to children, but the potential dangers are profound. They system risks data leaks, over-sharing of subjective information, and the steady erosion of parental responsibility. It reflects a troubling shift towards treating children as primarily the concern of the state rather than their families. Afterall, no one has anything to hide until someone decides they have something to hide.
Unless substantial safeguards, transparency measures, and parental access rights are built into the system from the outset, the SUI is less a tool for safeguarding children — and more a threat to the privacy, autonomy and trust that should define the relationship between families and the institutions that serve them.
Marianne Tomlinson
Parent Power
