Don’t believe everything you read on the internet; find it out for yourself.

Mark Kahl the director of Baby’s Days has yet again said I am a liar, here is the post and I’ve annotated it to include the actual reality and facts.

response-to-MKYou can find independent information on this issue all over the internet, just google, “cloud saas dpa”.  You can also read this, http://www.ictknowledgebase.org.uk/dataprotectionandweb or contact the ICO yourself.  Their number is 0303 123 1113, ask them very simply, “I use a cloud based data processor, I don’t have a contract with them only T&Cs agreement, am I meeting my obligations under The Data Protection Act?”.

I’m informing Baby’s Days users and prospective users of this information, what they do with the information is down to them.  I don’t want to get into a tit for tat row with anyone.  Now the facts are clear and you have the resources to check the facts you can make your own informed decision.  If you don’t want to verify the facts then that is your decision.

I’ve got to get back to planning a wedding otherwise what good is annual leave!  Only 23 more days and still haven’t had my dress fitted, eeekk!

PS.  If you’re looking for the blog post where I talk about your obligations under DPA then it’s here.  And for the record I don’t admin on any facebook groups or have any connection with any online programmes and I didn’t cancel my Baby’s Days account – it was terminated because the T&Cs were changed deliberately to ensure I was in breach of them.  This is not a vendetta, it’s a fact finding mission that I’m sharing with everyone so they can protect their data in whatever way they chose.  I’ve always said the software is fab, but there are bugs that are hard to address through the customer service channels available because some customers are treated very badly buy the support staff.

Orbit – a massive online paperwork system is closing!!

Orbit, arguably the biggest EYFS onine programme, has announced that it will no longer be operating from the end of the academic year unfortunately.

This isn’t the first time an online EYFS paperwork programme has folded, Mark Kahl from Baby’s Days claims Baby’s Days will never close because it’s a paid for system.  But don’t forget, Nobleminder was a paid for system but that one went out of business too; although admittedly in a very different and much more uncontrolled way compared to how Orbit have made their decision.

Orbit look to be doing everything they can to ensure people can remove their data and will hopefully soon be developing a bulk download option.  So there really is no need to panic and start printing of reams of work.

If you currently use orbit or have been affected by this then it’s probably a good idea to take stock of your paperwork system as a whole.  Did you know you can lose your Ofsted registration if you breach Data Protection?  You’d also face a very large fine from the ICO if they found you had breached data protection.

Edited 10.21am Thursday to add: Some people thinks this isn’t true, read an independent link here: http://www.ictknowledgebase.org.uk/dataprotectionandweb which explains even if you’re ICO registered and you back up, you’re still not carrying out your obligations under DPA.

Many people don’t realise that when they use Baby’s Days for every tiny aspect of their business there is the very real chance that they are breaking Data Protection everyday.  As users enter the data into the system the user is deemed to be a Data Controller.  The system that holds the information is deemed to be a Data Processor; essentially an online filing cabinet that does nothing more than store data.

Did you know that a Data Processor (ie. the company) owes you practically nothing under the Data Protection act?  If they lose or restrict access to your data there will be absolutely no comeback on the company because it is you (the user) as the Data Controller that needs to ensure you are in full control of all of the data all of the time.

I discovered all this when Baby’s Days terminated my account with immediate effect not allowing me any time to remove my data.  When they did this I obviously complained to the ICO; although they were lovely and very sympathetic there was nothing at all they could do, despite many people saying I should be protected by the ICO.

Babys Days isn’t registered with the ICO to offer your data any protection at all and not many people understand that; they have no responsibility to you in their T&Cs.  They can delete or restrict your access to the system and as such you are not in control of all of your data all of the time.  You are responsible for the data, not them.  If you lose control of it for any reason, you will be fined, not them. They owe you nothing other than a filing cabinet service.

Unless you have a separate contract with Baby’s Days outlining what they will and won’t do with your data (over and above what the T&Cs say) then you are currently breaking the law and not meeting your obligations under Data Protection; which is also a requirement of the EYFS.  You face having your Ofsted registration terminated or suspended and you also face a fine by the ICO.

If you find this hard  to believe (which I did, because this isn’t mentioned anywhere on Baby’s Days website or anywhere else like through the council etc!) here is a screen shot from the ICO, it’s of an email I’ve been sent.

ICO-say-you-need-a-contractEdited Thursday @10.21am to add:  If you’re on your phone and you can’t read that, here is a smaller close up version of the part that is important.

ICO-say-you-need-a-contract 2

I’ve struggled to get Ofsted to take this matter seriously but they are now looking into whether all users of Babys Days are actually working outside of the remit of The Data Protection Act.  Please be careful and take action to protect your Ofsted registration and make sure all of your Data is backed up, every last shred, daily ideally.

Also don’t assume that this applies to all Online systems – it doesn’t.  They all have very different T&Cs to the ones Baby’s Days offer (which have changed again recently in case you didn’t know); Baby’s Days T&Cs offer the user no protection or guarantees with regards to what exactly happens with your data beyond, ‘it’s stored safely’.  Where it’s stored isn’t of much use to you if you don’t have the right to access it.

Have I tried talking to Baby’s Days?

The blog now has almost 51,000 views, that’s crazy!  There are 72 published posts, another 32 drafts waiting to be finalised and 528 published comments and none of them are spam!  When I started this blog I never imagined there would be quite so many customers secretly disgruntled with the service they receive from Baby’s Days and living with the worry about what might happen if they upset the company in anyway.

Obviously there are still customers that are very happy to use the company and find the system very helpful.  It’s usually these people that ask me, “have you tired talking to Mark, he’s really so lovely”.

With so much content on the blog and so many comments is easy for things to be missed, to recap here is the recording from the first time I called Mark and here is the first blog post about me calling him to discuss the withholding of access to my data.

I also tried to call him a second time which I’ve not blooged about before.  Quite  recently a lovely lady offered to be a sort of mediator between us in the hope that we could resolve the issue of Sys IQ Ltd witholding access to my data.  Mark asked me to call him, we arranged a time, I called him and he then refused to speak to me as I was recording the call; despite the fact that he too was recording the call and the call HAS to recorded to safeguard my legal interests.  The recording for the second conversation is here.

So to those that say, “have you tried calling Mark?  He’s usually so helpful”.  I hope this answers the question.  Yes I have, twice; he doesn’t want to sort this out.  It could easily have been sorted by giving me a few hours on the system to remove all my information, rather than immediately restricting the access to the system which resulted in me being unable to access the data.  But this is the route Mark chose to take, so do not be fooled into thinking this could have all been sorted out with a simple conversation.

Getting Married!

Hey blog fans, I just wanted to let you all know that I am still here and still have a load of things to blog about, a few companies have contacted me about potential stories and my solicitor is going through some legal aspects that need my attention and I’m also getting married in 80 days!

With all this going on (on top of usual childminding duties and potty training my 2.5 year old) I’ve decided not to blog this week, but next week I will be back as normal.  I’ll be blogging about a childminder that was downgraded for using Baby’s Days, the ICO stance on Baby’s Days, Advertising Standards and their response to Baby’s Days adverts and also a post on how I’m currently doing my paperwork.

I’ll update the blog with really quick small posts this week with other small news items :)

Are all systems built equally?

So one thing that keeps coming up is thoughts like, “but if someone wants to find a way in they will”.  This is mainly from customers of Baby’s Days who seem to be saying that the 2 security issues I’ve found on the system, one about photos and the other abut parent comments not being stored securely, have come about because I’m “looking for issues”.

The two flaws I’ve posted about, I was not “looking” for; the first a parent told me about after he found it out by accident trying to download his child’s photos in bulk (as parents can not bulk down their children’s photos from their logins).  The second came up after I was looking at URL strings trying to find out if my own photos were stored somewhere on my own laptop in a temporary folder.  Both issues have cropped up quite by accident, there was no looking or probing involved.

Some other customers have also suggested that the same issue could come up with any of the EYFS online software providers and with this post I’m really hoping to clear up that misconception.

Before I continue it I want to make it clear that the issues I am talking about below aren’t necessarily connected to Baby’s Days uniquely, I am talking about computer programming as a whole.

The first question is, “Is it true that a determined “hacker” could get into any internet system if they tried hard enough?”  I’m not really qualified to answer that question with 100% certainty but from briefly reading around this area, it seems that if someone was dedicated enough they would find a way into almost any system.  As I’ve posted before Baby’s Days claims of being 100% secure are ludicrous but obviously some systems are easier to get into that others and some people are better at getting into them than other people.

So does this mean those that claim, “it’s ok that you found these flaws Hayley, anyone can find flaws in anything if they try hard enough” have a valid point?  It is my opinion that these people are missing the point somewhat; whilst their opinion is true it is rather short sighted.  I will try and explain this with a simple analogy.

All houses are houses and if you try hard enough despite the best security systems there will probably always be one clever burglar that could get in if he or she really wanted. If you had a suitcase of cash which house would you put it in?

House 1: The house with every external security system going, it was designed by an award winning architect and the structure is perfect.

House 2: This house has all the same features as house one in terms of external security.  But it was the first house this builder had ever made, and he didn’t quite get all the bricks lined up properly and there are a couple of little cracks here and there.

They are both houses, but you’re going to put your suitcase into house 1 aren’t you?  This is because although both houses carry the risk of getting broken into by some burglar, house 1 carries less risk than house 2.

So yes, “anyone can find flaws in anything if they try hard enough”, but the point is some systems are considerably harder than others to access.  It is deeply unfair on those systems that take time, money and effort to ensure the programme they create is on par with the award winning architect in House 1, to simply shrug issues like this away.

I understand that people don’t need the added stress and worry in life of thinking too much about these things and it’s far more convenient to just hope for the best.  But as a practitioner that should be working in accordance with the Data Protection Act, “well these days shit just happens doesn’t it?” wont curry any favours with the ICO unfortunately.

Please put that new feature of bulk download to good use and download your system to your home computer daily.  You really don’t want to be in the position I am in right now.