Baby’s Days have fixed the Picture links on the Demo Site!

Hey readers, sorry again about the lack of blog posts this week!  Things are just so insane planning my wedding and working as a childminder; the blog will have to slow right down but there is still plenty of material to cover including a very sensitive issue with the legalities of Childminders using Baby’s Days.  I’m waiting for absolute clarity on this from The Information Commissioner’s Office before blogging properly but hopefully early next week I will know more.

If you are concerned about this in the interim as many seem to be on Facebook, you should read this and contact the ICO directly; note that you don’t have a contract with Baby’s Days, you accept their T&Cs.  I am more than sure if you approach Baby’s Days you will get their rose-tinted view and not the actual facts to say the least, so the impartial link should help with that.

Today’s blog post is a quick one.  A while ago I posted about how individual photos were able to be viewed without any authentication by the person attempting to view them.  Baby’s Days fixed the issue whilst insisting I was a liar, but I proved the loophole was still present in the demo system in a follow-up post, which you can read here.

Baby’s Days still insist that I was lying and that all individual photos required validation (which isn’t true as you can read from the comments in the blog, customers reported their photos were not individually password protected).  Mark Kahl, the director of Baby’s Days, insists I am a liar and continues to post comments such as this in the official Baby’s Days Support Group:

[Image: Mark Kahl calls me a bad childminder again]

Anyway, the reason for this blog post is because now photos on the demo do require authentication, isn’t that a bit weird?  Why has it suddenly changed?  These are the questions that Baby’s Days customers should be asking.  Please make sure you back up your data and don’t record data on any aspect of the system that cannot be backed up.

I promise to blog later in the week, I’m going to blog about a company called Orange Moon and also about a childminder who encountered an inspector who was not so keen on Baby’s Days.  I’d also love to hear from anyone that has provided Baby’s Days with any planning records or other intellectual property over the years for another blog post I’m drafting.

Hope you all had a fab Easter and that Tuesday doesn’t hurt too much!

Sys IQ Ltd has not complied with Principle 7 of the Data Protection Act.

So it’s been confirmed by the ICO that one part of my problem with my data being withheld by Baby’s Days has been resolved at least.  Despite knowing we wanted the data back, Baby’s Days went ahead and deleted the data anyway.  The ICO have found that because this child’s data has been deleted by Baby’s Days / Sys IQ Ltd, they have not complied with Principle 7 of the Data Protection Act.

There are Eight Principles to The Data Protection Act and from my understanding Principle 7 – which is labelled “security”, is about, you guessed it – security.  How ironic that a company plugging itself as “100% secure” has not complied with the part of the DPA relating to Security!

The ICO website says Principle 7:

means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised

So which was it do you think, blog readers?  Was my co-minder’s daughter’s data accidentally compromised, in which case, how can you be sure this won’t happen to any data you have stored with the company?

Or do you think my co-minder’s daughter’s data was deliberately compromised, in which case, again, how can you be sure this won’t happen to any data you have stored with the company?

Either option doesn’t exactly scream 100% secure to me.  What this now means is that under the DPA I have the right to take this matter to court, which obviously I intend to do.  If anyone reading this might know someone who would like to take the case get in touch via the contact option on the blog or through Facebook.

Baby’s Days isn’t ISO27001 Accredited.

A reader has sent me a message through the blog asking me if Baby’s Days are ISO27001 accredited as it seems to suggest they are on their webpage.  Here is the message I was sent:

“You’ll notice on the babydays website they show the ISO 27001 accreditation logo. I’m pretty sure (from my brief checks) that they don’t have accreditation – and are falsely claiming so by use of the logo. I don’t have time but hope you might be able to look into this?”

So are Baby’s Days ISO27001 Accredited is the question?  No is the answer.  Read on if you want to hear the long version…

For those that don’t know, ISO27001 is a certificate given to companies to add credibility to their data handling and demonstrates that a product or service meets the expectations of customers.  It essentially shows that a company has information security risks under control.  The Data Centre that Baby’s Days use has this accreditation, but Baby’s Days / Sys IQ itself do not even though the logo appears on their website.

Baby’s Days software, i.e. your actual personal Baby’s Days domain, is not ISO accredited, so where the Baby’s Days website says,

“This certification means that you can rest easy, knowing your system and confidential data is being managed to a rigorous set of standards, processes and industry best-practices which are regularly reviewed to ensure ongoing compliance and improvement.” (Source)

it’s not totally accurate.  What it should say is that your system and confidential data is being managed by the data centre to a rigorous set of standards.  It’s no confirmation or guarantee it’s being handled using best practices by Sys IQ Ltd / Baby’s Days themselves, so it’s a bit misleading to feel like you can, “rest easy” in my opinion.

It is also important for people to be aware that the actual system itself, or how Sys IQ Ltd store and process your data, is not covered by the data centre’s ISO certification, nor is it offered by any other guarantee or certificate for that matter.  The actual data could be in the safest place on the planet (and in fairness they do use a very secure storage site, just like many other EYFS software companies do), but if data is accessed via your system itself (as I showed last week photos could be accessed without a password) then where the data is being stored is irrelevant.

So, to summarise, am I saying the system is unsafe?  No.  Am I saying they should be accredited?  No.

I am clarifying the (in my opinion vague) information from Baby’s Days website so that readers are aware of how unregulated this area is and I’m saying that SYS IQ / Baby’s Days are not accredited and do not necessarily follow best practice guidelines regarding security risks as set out in ISO27001.  I am also saying that there is no certificate/accreditation to ensure your actual system is 100% secure as the website claims.

You can check a company’s accreditation certificates by clicking here.

 

Do Baby’s Days customers have to pay Baby’s Days legal costs?

So from my last blog post, you can see that Sys IQ Ltd / Baby’s Days refused to process my subject access request and refused to return the data they hold about my son.  Obviously I’m taking this up with the ICO but I wanted to blog tonight about what this could potentially mean for Baby’s Days Customers.

The Information Commissioner has a statutory power to impose a financial penalty on an organisation if they are satisfied that the organisation has committed a serious breach of the DPA that is likely to cause substantial damage or distress.

In theory, if the ICO were to impose a financial penalty on Baby’s Days / Sys IQ Ltd surely their customers wouldn’t have to foot the bill?  I know when I was their customer I never gave paying their legal bills a second thought.

When I started this blog my Facebook went crazy with lots of messages about, “did you know this…?” And one thing that kept coming up and has also been mentioned in the comments on the blog is that apparently within the T&Cs of Baby’s Days, there is a clause that says their customers pay Sys IQ Ltd’s legal bills.

EH?  WHAT?  Surely not?  Let’s have a look and see if we can reveal the truth behind this.

There is a part in the Terms and Conditions entitled “Indemnification”.  Indemnification means to compensate for loss or damage.  Here is what the whole section says….

Indemnification by You. You shall defend (or settle), indemnify and hold harmless Sys IQ Ltd, its officers, directors and employees, from and against any liabilities, losses, damages and expenses, including court costs and reasonable attorneys’ fees, arising out of or in connection with any third-party claim that: (i) a third party has suffered injury, damage or loss resulting from the use by You or by any Authorised User of the Subscription Service, or (ii) the Customer Data, or the use by You or by any Authorised User of the Subscription Service in violation of this Agreement, infringes or violates the Intellectual Property Rights or other proprietary rights of a third party. Your obligations under this section are contingent upon: (a) Sys IQ Ltd providing You with prompt written notice of such claim; (b) Sys IQ Ltd providing reasonable cooperation to You, at Your expense, in the defence and settlement of such claim; and (c) You having sole authority to defend or settle such claim.

It’s all a little bit gobbledygook to me sadly, and I’m still ill so I’m not 100% sure what it’s saying but I think it’s saying the indemnification by customers only applies in some circumstances?  It’s unclear to me if a (possible) financial penalty from the ICO would fall into one of these categories that customers have to indemnify?  Maybe one of the readers can clarify for me?  Data Centre Worker, we haven’t seen you in a while, any thoughts on this?  Anyone else?

For the Baby’s Days ‘water treaders’, ‘lovers’ and the ‘haters’ this does need clarifying really.  Is this sort of T&Cs typical with EYFS Software providers?  Maybe we might hear from them directly on this?!  Especially if it’s not true, I’d imagine they’d want people to know the truth.

In other news I’m feeling much better, I’m still not right but now I have antibiotics I’m on the mend, so expect a blog post on Monday again.  Have a great weekend!

Make sure you leave a review for Baby’s Days…… or you won’t get a system update!?

Yesterday, Mark Kahl posted on the Facebook Baby’s Days support group asking people to leave a review as it, “encourages [them] to release fantastic new features onto the system.”

[Image: Mark’s post]

If you’re a regular reader of this blog you will know that when Baby’s Days introduced the control centre they refused to update my (fully paid up) system with the update, they refused to tell me why I suddenly wasn’t eligible for updates and they refused to pass my letter of complaint to the director.  I’m not quite sure how they did this given their insistence that all systems are “identical”, but they did and you can read about it here.

Anyway, lots of people are very concerned about the wording of the Facebook post made by Mark Kahl on the support group run by Kel Thomas via Facebook.  I’ve had numerous messages in my inbox over the last 24 hours asking things like:

If someone doesn’t leave a positive review will they be denied the next update?

Is this review site some sort of method for weeding out those not 100% happy about the system and cutting them off?

Why hasn’t Mark Kahl advertised this review website on the official Baby’s Days like page? Is he concerned that he will get more negative than positive reviews?  After all the support group has all the unsatisfied customers weeded out by admin Kel Thomas, but you can’t stop people reading the official ‘Like page’; all those unhappy people will see the post and will leave a negative review.

I posted on Monday that my fair and accurate review wasn’t published on their review site, I know of a few others that have posted fair and reflective reviews too, but they also were censored.  It turns out they are approving each review individually!

You have to start questioning at this point, is this a review site or a fan club?  Can you imagine if Trip Advisor had to “approve” each review individually?  What a farce!

Also, how many people have something negative to say about Baby’s Days that warrants them needing to approve each “review”.  I’m under the impression I’m the only person in the history of the world EVER, to have had a problem with Baby’s Days (according to them).  They have posted the link to the review site in a closed Facebook group. Surely if it’s just little old me with anything bad to say “approving” each comment is overkill?

In my opinion, you’d only need to approve each comment individually if you were worried you might get “too many” reviews that were “bad”.  Given that this review website has only been advertised in a closed Facebook group how many “bad” reviews are they expecting to warrant this level of scrutiny?

These are the questions that current users of Baby’s Days really need to be asking themselves.  There are still lots of people that believe the theft of my data by Sys IQ Ltd is somehow my own “fault”, I must have deserved it in some way.  Surely no company would treat a customer the way I claim Baby’s Days has treated me, I must be lying, right?

Apart from the fact this blog is fully evidenced, you have to ask, if it’s just me that they have upset with their disgusting customer service why has this blog had over 30,000 views in such a short space of time?  Why are so many people banned from posting on their “like” page?  Why are so many users removed from the Support Group run by Kel Thomas that Mark Kahl, director of Baby’s Days, continues to endorse?

If it’s “just me” why not let my factual and fair comment lie there in with the (supposed) “hundreds” of others?  Wake up and smell the coffee people, it’s not just me, that’s why each post has to be “approved”; to keep their little bubble from popping.

And FYI Mark Kahl (my most frequent blog reader) I spent nearly 4 years on my work that you have refused to return, I sure as hell intend to spend at least that getting it all back.

Pop back tomorrow where I’ll be posting a critique of Baby’s Days false advertising methods and then Friday I’m hoping to be posting a collaborative piece with a guest blogger.  Ohhhh Exciting!