Surely the ICO will prorect my data? Part 2.

So, this is the second post about the Information Commissioner’s Office, the first you can find by clicking here.  In a nutshell the first post said it’s not a simple process to retrieve my data back via the ICO; lots of blog readers say, “make a subject access request – it’s your data”, but it has now been confirmed that this isn’t the case by the ICO.

The data is the child’s, not the minders in the eyes of the law.  So if a minder would like to request it they need parental permission to do so and the minder would also need to supply their ID to Sys IQ Ltd to prove they are the person they are claiming to be.

Alternatively the parent can make the Subject Access Request themselves, they will need to provide proof of ID and also proof that they are the parent of the child.  Seems a bit weird to me when a few weeks ago I could access all the data with a simple password and Sys IQ Ltd could easily reinstate the system knowing only authorised users could access the system with the password.  But anyway I did as instructed by the ICO and sent Sys IQ Ltd 47 subject access requests for all the children ever entered onto the system, I also made a request for any data relating to me and my 3 colleagues.  So 50 Subject Access Requests for data that a few weeks ago I accessed easily and also gathered and compiled myself.  How absurd.

Baby’s Days have 40 days to respond to the requests, so I will update then.  But given how my co-minders request has gone for her daughters data and that Baby’s Days / Sys IQ Ltd have flatly and illegally refused to process my subject access request for my sons data, I’m not holding my breath.


Baby’s Days / Sys IQ Ltd is seemingly unaccountable for it’s actions and apparently entirely unregulated?!  (If anyone knows who they are regulated by please comment because I will be blogging on this topic later in the week).  As such it is extremely important that data is saved by the childmidner which in my opinion then makes a complete farce of the companies 100% security claims.  All the data could be taken from the childminders own laptop!

On their Website Baby’s Days say,

“There would be very little point in using a 3rd party company to store your paperwork in digital format if…. [it] cannot be recovered under any circumstances”

I couldn’t agree more, what is the point in my co-minder having paid Sys IQ Ltd almost £500 over the years if they are unable to return our data?!

Tomorrow I will be posting the information sent to me from Baby’s Days and the ICO regarding my co-minders daughters data and how Baby’s Days seem to have misled the ICO; so make sure you check back for more proof of how underhand this company can be tomorrow.

Do Baby’s Days customers have to pay Baby’s Days legal costs?

So from my last blog post, you can see that Sys IQ Ltd / Baby’s Days refused to process my subject access request and refused to return the data they hold about my son.  Obviously I’m taking this up with the ICO but I wanted to blog tonight about what this could potentially mean for Baby’s Days Customers.

The Information Commissioner has a statutory power to impose
a financial penalty on an organisation if they are satisfied that the
organisation has committed a serious breach of the DPA that is
likely to cause substantial damage or distress.

In theory, if the ICO were to impose a financial penalty on Baby’s Days / Sys IQ Ltd surely their customers wouldn’t have to fit the bill?  I know when I was their customer I never gave paying their legal bills a second thought.

When I started this blog my Facebook went crazy with lots of messages about, “did you know this…?” And one thing that kept coming up and has also been mentioned in the comments on the blog is that apparently within the T&Cs of Baby’s Days, their is a clause that says their customers pay Sys IQ Ltds legal bills.

EH?  WHAT?  Surely not?  Let’s have a look and see if we can reveal the truth behind this.

There is a part in the Terms and Conditions entitled “Indemnification”.  Indemnifications means, To compensate for loss or damage.  Here is what the whole section says….

Indemnification by You. You shall defend (or settle), indemnify and hold harmless Sys IQ Ltd, its officers, directors and employees, from and against any liabilities, losses, damages and expenses, including court costs and reasonable attorneys’ fees, arising out of or in connection with any third-party claim that: (i) a third party has suffered injury, damage or loss resulting from the use by You or by any Authorised User of the Subscription Service, or (ii) the Customer Data, or the use by You or by any Authorised User of the Subscription Service in violation of this Agreement, infringes or violates the Intellectual Property Rights or other proprietary rights of a third party. Your obligations under this section are contingent upon: (a) Sys IQ Ltd providing You with prompt written notice of such claim; (b) Sys IQ Ltd providing reasonable cooperation to You, at Your expense, in the defence and settlement of such claim; and (c) You having sole authority to defend or settle such claim.

It’s all a little bit gobbledy gook to me sadly, and I’m still ill so I’m not 100% sure what it’s saying but I think it’s saying the indemnification by customers only applies in some circumstances?  It’s unclear to me if a (possible) financial penalty from the ICO would fall into one of these categories that customers have to indemnify?  Maybe one the readers can clarify for me?  Data Centre Worker, we haven’t seen you in a while, any thoughts on this?  Anyone else?

For the Baby’s Days ‘water treaders’, ‘lovers’ and the ‘haters’ this does need clarifying really.  Is this sort of T&Cs typical with EYFS Software providers?  Maybe we might hear from them directly on this?!  Especially if it’s not true, I’d imagine they’d want people to know the truth.

In other news I’m feeling much better, I’m still not right but now I have antibiotics I’m on the mend, so expect a blog post on Monday again.  Have a great weekend!

Has anyone complained to the Information Commissioner’s Office about Baby’s Days?

So I have been contacted by a few people advising me I should contact the ICO regarding how Baby’s Days have handled the data they have stored for me through the service my co-minder pays them each month.

Section 7 of the Data Protection Act provides the right for customers to request a copy of the information an organisation holds about them.  However, the right of access goes further than this, and an individual who makes a written request and pays a fee is entitled to be:

  • told whether any personal data is being processed;
  • given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • given a copy of the information comprising the data; and
  • given details of the source of the data (where this is available). Source

When Babysdays “terminated” the account of my co-minder we immediately emailed them and asked if we could please make a subject access request as is our right under S.7 of the Data Protection Act.  Here is the email that followed:

I am still hoping, perhaps niavely, that Baby’s Days will give me back my system come Monday and in return I will remove my blog. If I don’t get back my system I will be contacting the ICO to see what they think about Baby’s Days response to my subject access request.

In the mean time I have made a Freedom of Information request with the ICO regarding Baby’s Day, Mark Kahl and Sys IQ Ltd to determine how many complaints or concerns (if any) have been made against them.  In 20 working days I will have an answer to post here. 

At the top of this blog there is a bar, it says email address, fill that in with your address and you will be notified of any changes to the blog.  Baby’s Days will not know you have done this.