Baby’s Days and The Ukraine!?

So you might be wondering what Baby’s Days has got to do with the Ukraine?  Given that their team is “in house” and that they have a UK data centre you’ve probably assumed that everything is based here in the UK.

I was a user of Baby’s Days for 3.5 years and assumed that it was Mark that did all the coding (as he set it up initially for his wife) and then more recently Jeff joined the team part time as a kind of database administrator.  To my recollection I’ve never actually been told this, it’s more implied from the website wording and facebook posts etc.  Others might have interpreted things differently too, let me know in the comments section.  So to my mind, “in house” always meant either Mark or Jeff.
But recently I have realised that Baby’s Days has at least one employee based in The Ukraine. I did wonder if maybe the Gentleman was just from the Ukraine, but his Facebook accounts says he lives in the Ukraine.  Most companies use contractors so I don’t find this odd but the fact that Baby’s Days have failed to mention this employee does seem very misleading to me.

As I’ve said elsewhere on the blog, I’m not very technically minded so I am unsure how much, if any, of your data this gentleman has access to, if he can view or download photos etc.  When you login to your system you give permission  to be, “monitored and recorded by on-site system personnel.”  I am also unsure if this gentleman would have the ability to monitor and record you system use or if he is classed as “on site system personnel”.  These are questions I had hoped to ask Baby’s Days but they did not get back to me with a comment sadly.

I have asked Baby’s Days to comment on this information and they declined to do so.  As such this post is based on all information available at the time.  If new information comes to light, I will obviously update this post so that it remains as factual as the others on this blog.  There is of course the very small chance this man has a made up Linkedin and Facebook account and he doesn’t work for Baby’s Days at all.

Security and SSL Ceritifcates.

Tonight’s post is all about SSL Certificates.  This is the first in a series of posts comparing Baby’s Days with their competitors.  A SSL certificate determines how secure data is as it leaves your computer and travels across the internet to the company’s server source.

You can test a sites certificate and configuration using websites online like SSLABS.  So if you want to check the validity of claims made in this post, have a little nosey yourself.  There are a few other EYFS packages available on the market to nurseries and childminders; Baby’s Days state that other packages, “only provide a fraction of the features available with Baby’s Dayssource 

You would imagine that Baby’s Days would have the highest ranking certificate given that they are the, “most advanced software system available on the market” source and that users pays £11.99 a month.

Unfortunately this isn’t the case and Baby’s Days DO NOT have the highest SSL Certificate rating amongst its competitors. 

The highest rated SSL Certificates are actually configured by companies called MegaMinder and Orbit who both provide free EYFS software solutions.  Below are the certificates so you can view this for yourself.

Does this mean Baby’s Days is unsafe? 
No, not at all. They are doing as much as they can to ensure your data is safe.  It is just a shame that the wording on their website is so “pumped” it really makes you feel that they are market innovators leading the field, the only ones who can be trusted etc.  They have a whole page on their site dedicated to ensuring you know they are the best in the industry and that competitors do not come close.

So when you delve a little deeper it’s disappointing to find that actually FREE providers have higher rating certificates.  If you pop back tomorrow I will be posting more about the marketing claims made on their website, including the claim that, “no other system has the Parental Interaction that Baby’s Days can offer you”.

As ever don’t forget to follow the blog (782 of you are so far!) and subscribe for updates.  Feel free to leave a comment in the box, I will respond as quickly as I can.

Is any Server 100% Secure.

On its website Baby’s Days claim:
“your data is 100% secure”, Source.  

In this blog post which will be updated over the week I will look at this claim more closely.  Please note, this post does not mean Baby’s Days isn’t secure.  I assure all users of it’s services that may be reading this that in my opinion, based on the information they have provided on their website, they couldn’t make it any more secure.  

But this post will explore the claim that it is “100% secure”. 


So, is anything 100% secure?  The short answer to this is no, “nothing is 100% secure and anyone who guarantees 100% security is making a promise they cannot even keep.” Source

It is my understating that no stored data (both online and offline) could ever be considered to be 100% secure because there are too many variables that the owner of the data can not control.  For example someone could be dedicated to hacking into the system, there could be an exploitation in the code that the developer was not aware of, the data centre could fall into a hole that magically opened up in the ground.  All extremely unlikely variables, but variables none the less.

I have reported Baby’s Days to the Advertising Standards Authority Link today so that they can review this claim (and also the claim about how fantastic they are at updating systems) and if they agree that this is false advertising I believe that Baby’s Days will have to stop making this claim.  I will update you as to how this progresses over the next couple of weeks.

Does this mean Baby’s Days is unsafe?
No, not at all.  They are doing as much as they can to ensure your data is safe, just like many other similar companies.  Thousands of businesses run with set ups similar to what they appear to have, the point here is that they’re not doing anything special here at all, despite what their website might lead you to believe.  Then, on the other side of the coin, thousands use less security and that is adequate too.

I will be posting more about Baby’s Days website security claims tomorrow, including the one that says,

“[the] system is backed up EVERY day at two separate geographical locations in the UK, including all the data and photographs that have been uploaded to their system.Source 

I will be looking at where these two separate geographical locations are, we know one is the data centre, but I have not read anything about the security of the second location on the Baby’s Days website.  I have contacted Baby’s Day for their comment on the 100% claim but they have declined to comment and referred me to their solicitors.

It would be interesting to see if any blog readers know about these two locations?  Please comment below or message me and don’t forget to subscribe to the blog by putting your email in at the top of this page to be alerted when a new post is added.

Has anyone complained to the Information Commissioner’s Office about Baby’s Days?

So I have been contacted by a few people advising me I should contact the ICO regarding how Baby’s Days have handled the data they have stored for me through the service my co-minder pays them each month.

Section 7 of the Data Protection Act provides the right for customers to request a copy of the information an organisation holds about them.  However, the right of access goes further than this, and an individual who makes a written request and pays a fee is entitled to be:

  • told whether any personal data is being processed;
  • given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • given a copy of the information comprising the data; and
  • given details of the source of the data (where this is available). Source

When Babysdays “terminated” the account of my co-minder we immediately emailed them and asked if we could please make a subject access request as is our right under S.7 of the Data Protection Act.  Here is the email that followed:

I am still hoping, perhaps niavely, that Baby’s Days will give me back my system come Monday and in return I will remove my blog. If I don’t get back my system I will be contacting the ICO to see what they think about Baby’s Days response to my subject access request.

In the mean time I have made a Freedom of Information request with the ICO regarding Baby’s Day, Mark Kahl and Sys IQ Ltd to determine how many complaints or concerns (if any) have been made against them.  In 20 working days I will have an answer to post here. 

At the top of this blog there is a bar, it says email address, fill that in with your address and you will be notified of any changes to the blog.  Baby’s Days will not know you have done this.