Dallas City Manager Broadnax' Office Takes 'Full Responsibility' In Police Department Data Loss: 'There Was No Malice Here'
DALLAS (CBSDFW.COM) -- "In retrospect, there should have been better communication between me and my leadership team, with the Mayor and City Council and the DA's Office related to this incident, and we accept full responsibility." That's the word from Dallas City Manager, T.C. Broadnax on Monday, August 16 after the announcement last week that about 22 terabytes of data were inadvertently deleted from the Dallas Police Department's network.
Broadnax said a member of the Information and Technology Services Department made the mistake that led to the data.
"The employee lost data while moving files from a cloud-based storage archive to a City server. The appropriate policies and procedures were not followed and consequently, data was deleted," Broadnax said in a memo to the Mayor and members of the City Council. "There was no malice here, nor was there any intent to delay notification to the District Attorney's (DA) Office and City Council. At the time, we believed the data could be recovered and of the 22 Terabytes of information in question, 14 Terabytes were retrieved."
Earlier this month, city and police officials learned that a data migration of the police department's network drive led to the loss of data in April 2021, according to Dallas County District Attorney John Creuzot. The 22 terabytes of files were deleted between March 31, 2021, and April 5, 2021.
"In retrospect, there should have been better communication between me and my leadership team, with the Mayor and City Council and the DA's Office related to this incident, and we accept full responsibility," said Broadnax.
Broadnax said that steps were being taken to insure that the same thing would not happen again. He has not said if disciplinary action would be taken against those directly responsible for the incident.
"Overall, we will continue to assess the situation and the incident remains under review.," said Broadnax. "Working with executive leadership, we will determine what disciplinary action is appropriate for the employee. I look forward to briefing the City Council next Wednesday, August 18 in a closed executive session.
Read Full Memo Below
Date: August 13, 2021
To: Honorable Mayor and Members of the City Council
Subject: Data Loss Affecting the Dallas Police Department
In reference to the data loss affecting the Dallas Police Department, I want to share background information and provide context and steps taken to address the issue.
This is an unfortunate situation my leadership team and I take very seriously, and we fully understand the gravity of the situation. A member of our Information and Technology Services (ITS) Department made a mistake that led to the loss of data affecting the Dallas Police Department. The employee lost data while moving files from a cloud-based storage archive to a City server. The appropriate policies and procedures were not followed and consequently, data was deleted. There was no malice here, nor was there any intent to delay notification to the District Attorney's (DA) Office and City Council. At the time, we believed the data could be recovered and of the 22 Terabytes of information in question, 14 Terabytes were retrieved. The remaining, missing data consists of archived images, video, audio, case notes, and other items gathered by the Dallas Police Department. In our ongoing efforts to recover the missing data, ITS is employing forensic tools to recover data from alternate sources such as laptops, cameras, and other devices. We understand the magnitude and seriousness of the situation and will continue to work diligently with the DA's office to identify which cases have been affected, if any.
In retrospect, there should have been better communication between me and my leadership team, with the Mayor and City Council and the DA's Office related to this incident, and we accept full responsibility. The City's Incident Response and Data Breach Preparedness Plan classifies this incident in which individual data files are erroneously deleted as a data compromise and requires notification to the City Executive Leadership Team. To improve communication going forward, I have asked my team to immediately update our Incident Response and Data Breach Preparedness Plan to include notification to the Mayor and City Council about any data compromises within two hours of notification of the City Executive Leadership Team. Additionally, we will work with the City Council's Government Performance and Financial Management Committee to identify other communication protocol changes that may be needed.
To the best of our knowledge, nothing like this has ever happened and measures are in place to see that it never happens again. ITS has:
• Implemented a two-person integrity control process that requires multiple employees to review and perform data migrations.
• Changed configurations in storage processes to require a minimum 14-day period before data can be permanently deleted.
• Initiated a top-to-bottom assessment of the systems and processes used in storing and archiving data for opportunities to enhance capabilities and reduce potential for data loss.Overall, we will continue to assess the situation and the incident remains under review. Working with executive leadership, we will determine what disciplinary action is appropriate for the employee. I look forward to briefing the City Council next Wednesday, August 18 in a closed executive session. The session will be closed because the discussion about the lost data involves security and legal issues. Meanwhile, ITS will continue its audit of the missing data files and its efforts to recover source files. We expect to complete the audit within 45 days.
Should you have any questions prior to August 18, please don't hesitate to contact me, Elizabeth Reich, or Jon Fortune.
T.C. Broadnax
City Manager