Home / Blog / Tax-Free childcare explained, a crackdown on fake online reviews and plans to protect information in the wake of AI

Tax-Free childcare explained, a crackdown on fake online reviews and plans to protect information in the wake of AI

Today’s blog post covers a variety of topics, from explaining how to claim tax-free childcare, an insight into a crackdown on fake online reviews and how we can protect our information as AI usage increases.

Tax-Free Childcare: Are You Benefiting?

HM Revenue and Customs (HMRC) have released their latest figures on the take-up of Tax-Free Childcare.

For the 2024-25 tax year, almost 826,000 families saved up to £2,000 per child. During March 2025, 579,560 UK families used the scheme, a 16% increase on the number using the scheme in March 2024.

What is Tax-Free Childcare?

The Tax-Free Childcare scheme allows parents to deposit money in a Tax-Free Childcare account, where the government provides a 25% top-up up to a maximum of £2,000 per child (or £4,000 if the child is disabled). For example, if parents deposit £8, the government provides a £2 top up.

The money held on deposit can be used whenever needed to pay for childcare.

Who is Eligible?

Eligibility for the scheme is based on families:

Having a child or children aged 11 or under. Eligibility ends on the 1 September after they turn 11. For children with a disability, eligibility continues until the 1 September after they turn 16.
Having a parent (or the parent’s partner) working an average of at least 16 hours a week and earning the National Living or Minimum Wage but not earning more than £100,000 a year each.

Families also cannot be receiving Universal Credit or childcare vouchers to qualify.

The Scheme May Benefit Employers Too

If you are an employer with staff who are parents, making them aware of this scheme may help to ease the financial burden of childcare for them. This could promote their wellbeing but also reduce the chances of you losing trained and valuable members of your team.

The scheme may also help parents in returning to work after having a child, allowing the business to continue to benefit from the experience and training you have invested in them.

For further information about Tax-Free Childcare and how parents can register, see: https://www.gov.uk/tax-free-childcare

Amazon Agrees to Act on Fake Reviews

Have you ever bought something on Amazon thinking it had 5-star reviews only to find the product was obviously sub-standard? Or have you found that reviews were about an entirely different product to the one you were looking to buy?

This kind of experience could become a thing of the past following new undertakings that Amazon has given to the Competition and Markets Authority (CMA).

Targeting Fake Reviews and Catalogue Abuse

Fake reviews are now banned under the Digital Markets, Competition and Consumers Act (DMCCA). However, there are also concerns around something called ‘catalogue abuse’.

Catalogue abuse is where a seller takes reviews for a well-performing product and adds them to a different product. So, for example, a product listing for headphones might show reviews that are actually for a mobile phone charger.

How Important Are Product Reviews?

Product reviews on websites are estimated to affect the buying decisions of around 90% of consumers.

Fake reviews have been a problem for some time and the CMA launched a formal investigation into Amazon over potential consumer law breaches back in 2021. Since then, the DMCCA has banned fake reviews and strengthened the CMA’s ability to tackle the problem.

Amazon’s Undertakings

Amazon have committed to put in place robust processes that allow it to quickly identify and remove fake reviews and catalogue abuse. It will also sanction businesses and reviewers that are involved in these tactics, including banning them. It will also be easier for consumers to report fake reviews and catalogue abuse.

Of course, not only Amazon is affected by fake reviews. The CMA has produced guidance on how businesses need to comply with consumer protection law when it comes to consumer reviews. It is now conducting an initial sweep of review platforms to see whether any need to do more in complying with the law.

See: https://www.gov.uk/government/news/amazon-gives-undertakings-to-cma-to-curb-fake-reviews

New Digital Hub for Technology Procurement

The UK government has announced a new digital marketplace that will change the way the public sector buys technology.

Plans are for the digital hub, which is still in early development, to help public sector organisations be able to benefit from collective buying power. The hub will also use AI to match organisations with suppliers based on their needs.

A recent State of Digital Government report showed that although many public sector organisations use similar tools, they source and negotiate contracts on an individual basis. The new digital marketplace will give users the ability to rate and review the technology they use, allowing other users to benefit from shared collective experiences.

What Could This Mean for Tech Suppliers?

More opportunities: The platform is being designed to open the market to more UK tech firms. The target is for government contracts to increase the use of small businesses by 40% within 3 years, so more public sector opportunities could begin to appear for smaller tech businesses.

Prioritising customer experience: In view of the increased exposure a rating and review system brings to customer experience, this is likely to need to become a higher priority in delivering services.

An expectation of lower businesses: Part of the objectives of the digital marketplace is to give public sector organisations more bargaining power when negotiating tech contracts. This may mean needing to reduce costs to keep or win contracts.

The new digital platform is being created under the revised Procurement Regulations. A “digital playbook” detailing best practice in purchasing decisions is also being developed to help with public sector procurement.

Tech businesses who are, or would like to be, involved in public sector contracts will want to keep an eye on developments.

See: https://www.gov.uk/government/news/one-stop-shop-for-tech-could-save-taxpayers-12-billion-and-overhaul-how-government-buys-digital-tools

How to Protect Sensitive Personal Information

The National Cyber Security Centre (NCSC) has published new guidance to help businesses identify and protect against the risks of holding sensitive personal information.

The guidance can help you to understand what sensitive personal information is and identify any that your business holds. It also provides some principles that, if applied, can reduce risks from holding that data.

Here’s a brief review of the guidance.

What is Sensitive Personal Information?

NCSC explains that there is no formal definition of what sensitive personal information (SPI) is. They explain that it’s necessary to consider possible risks that are associated with sensitivities in information you hold about individuals. For instance, would a compromise of that information increase the risk of harm, harassment or prejudice to the individual.

Examples might include an individual’s profession, their personal life characteristic, or their status.

Assessing the Risks

The guidance advises that the severity of the impact that could arise from misuse of the data should be used to determine how strong your data protections will be. NCSC cover a few questions that can help you in making your assessment.

Nine Principles

NCSC provide nine principles that can help protect SPI as well as some example measures you can use. The principles are:

Understand what data you have and the risks to it.
Ensure only appropriate access to sensitive data.
Ensure you know who is accessing data which contains SPI.
Make sure access to sensitive data cannot be misused.
Avoid putting too much sensitive data together.
When merging data, check if SPI becomes exposed.
When sharing data, check if SPI becomes exposed.
Ensure that the records of individuals with SPI do not appear to be stored, processed or handled differently to those without such sensitive data.
Keep access controls to SPI separate from routine data access controls.

Final Thoughts

Cyberattacks seem to be on the increase and a data breach can have serious consequences to a business. This may particularly be the case if the business is holding sensitive personal information about individuals.

Besides fines and penalties from the Information Commissioner’s Office, there is also loss of customer trust, disruption to your business operations, costs of recovery and potential legal claims from customers or clients whose data was compromised.

If you hold sensitive personal information in your business, reviewing NCSC’s new guidance could be well worth your time.

See: https://www.ncsc.gov.uk/collection/security-principles-protecting-most-sensitive-personal-information-in-datasets

ICO Unveils Strategy for Protecting Information in the Age of AI

The Information Commissioner’s Office (ICO) has launched a new AI and biometrics strategy designed to help ensure organisations develop and deploy new technologies lawfully.

New research has shown that many are concerned about the consequences when AI and biometric technologies go wrong. For instance, 54% of those surveyed were concerned that use of facial recognition technology by police could infringe on their privacy rights.

Speaking at the launch of the strategy, John Edwards, Information Commissioner said: “Public trust is not threatened by new technologies themselves, but by reckless applications of these technologies outside of the necessary guardrails.”

The ICO’s new strategy will help businesses to have certainty and reassure the public. It includes conducting audits, producing guidance and developing a statutory code of practice for organisations developing or deploying AI responsibly that supports innovation but safeguards privacy.

To review the strategy in full, see: https://ico.org.uk/about-the-ico/our-information/our-strategies-and-plans/artificial-intelligence-and-biometrics-strategy/

Service	Name	Purpose	Expires
	PHPSESSID	This cookie stores a visitor's unique, randomly generated, session id and is used to pass information between site applications to enable them to function correctly. It is forcibly expired when the user closes the browser.	Expires on browser close
	nc_status	This cookie is used to optimise website traffic and distribution of services.	1 day
	nc_sid	This cookie is used to optimise website traffic and distribution of services.	Expires on browser close
	cookie_analytics	This cookie is used to define the option to enable or disable analytic and marketing cookies used for the website.	1 month
	ow_ac	This cookie is used to define whether cookiebar is displayed or not.	1 month
WordPress	wordpress_sec	This cookie stores a visitor's unique, randomly generated, session id and is used to pass information between content management system called WordPress to enable it to function correctly. It is forcibly expired when the user closes the browser.	Expires on browser close
WordPress	wordpress_logged_in_xxxx	Creates a session of the user currently logged into the website through the WordPress login page. This expires upon browser close.	Expires on browser close
WordPress	wp-settings-x	Wordpress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. This cookie is only applied to persons logging into the website through WordPress.	Expires on browser close
WordPress	wp-settings-time-x	Wordpress sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. This cookie is only applied to persons logging into the website through WordPress.	Expires on browser close
WordPress	_icl_current_language	This cookie allows the built in WordPress Multilanguage plugin, to store the user’s current language. This is critical for allowing the site to function properly.	1 day
WordFence	wfwaf-authcookie-(hash)	This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded. This cookie will only be applied for users who have logged into the website.	Expires on browser close
Litespeed	_lscache_vary	This cookie allows Litespeed to store the user’s login status, the role of current user and if it has admin bar showing or not.	2 days
Litespeed	ls_smartpush	This cookie allows Litespeed to store server settings to help with performance.	2 days

Name	Purpose	Expires
_ga	This helps us count how many people visit by tracking if you’ve visited before.	2 years
_gid	This helps us count how many people visit by tracking if you’ve visited before.	24 hours
_gat_irisOpenWebsite	This helps IRIS Software Group, the developer of the website, to monitor site performance for . The data collected is anonymous and is only used for analysing website performance overall.	24 hours
_gat	This is used for managing the rate at which page view requests are made.	Expires on browser close