DALLAS — A law firm hired to investigate the loss of Dallas police data last year said the impact was "relatively limited" but strongly encouraged the city to take more precautions and safeguards to prevent a similar incident in the future.
The city's information technology department in October had already submitted 131-page report to city council, attributing the loss to "inadequate" protocols among IT staff.
City officials reported that 22 terabytes of data, involving more than 8 million records, were deleted in the loss, which happened in March 2021.
The law firm Kirkland Ellis was hired by the city in November to begin an investigation into what happened, analyze why the data loss happened and provide any recommendations moving forward.
According to the Kirkland Ellis report released Friday, the city lost 23.94 terabytes of data and was able to recover 3.26 terabytes of that.
Kirkland's recommendations included:
- Implementing safeguards such as "soft delete" feature that allows deleted data to be recovered.
- Ensuring that IT employees have sufficient understanding of city software; Kirkland concluded that the backup IT technician's training on the software was inadequate.
- Classifying the data loss incident as a "critical incident" at the time it happens, since it involved active criminal cases. Kirkland concluded that doing so would have resulted in a more thorough look at the issue and clearer communication between police, the district attorney's office and city officials.
- Implementing better procedures for "understanding costs, benefits, and risks of potential data migration efforts" and planning out all steps for mitigating any risks.
- Establishing a chief information officer position at the Dallas Police Department and providing more budget funding for the department to build out its IT infrastructure.
The data loss happened when a city IT employee was migrating the files from a cloud service to an on-site data archive with the city, officials have said.
According to the Kirkland report, the city's IT department on March 30, 2021, learned that the migration to the on-site archive was complete. As a result, the IT employee, known as a backup technician, began "cleaning up" policies that he believed was not needed anymore.
The policies "governed" the archiving of data that police employees had saved to a certain hard drive. With those policies deleted, any archives that were created under those policies would be automatically deleted.
Six days later, on April 5, the city's IT department was notified that some archived data was not accessible. The backup technician then stopped "cleaning up" policies.
The technician filed a support ticket with the software company and notified his boss that he had made a "mistake."
The technician and his boss worked with the software company and Microsoft to resolve the issue but could not recover the lost data. On April 12, a senior IT manager told the police command staff that the department was working on a data issue and that police should file a support ticket if they believed data was inaccessible.
The next day, on April 13, the IT department notified an assistant city manager about the data loss.
Despite the data loss, the backup technician continued deleting "clients" in the system from May through August, indicating "that the backup technician failed to appreciate the magnitude of the incident," the Kirkland report said.
However, those deletions were backed up elsewhere and not lost.
Still, the Kirkland report concluded that there was no "malicious intent" or "criminal purpose" on the part of the backup technician, who was later fired.
"Multiple witnesses volunteered their opinion that there was no malice in the backup technician’s actions, and no documentary or testamentary evidence suggested the backup technician had any ulterior motive for his actions," the report said.
The city's full report on the data loss can be read here.
The Dallas County District Attorney's Office had to work with Dallas police to ensure all evidence was available for pending cases. At one point, a man facing a murder charge was released on bond as police worked to determine if any of his case files were missing. They ultimately were able to confirm all evidence was available.
The city report released said the IT department "must implement and appropriately operate adequate management controls systems including asset and inventory management systems."
The report also recommended better backup policies, such as keeping more copies of data and storing those copies on different devices.
The report criticized the IT staff's training and encouraged more "depth of job functions" for their tasks.
