The electronic case files contained sensitive information on defendants.
Findings from a recent audit were detailed in a presentation to the Government Performance and Financial Management Committee on Monday. The audit examined practices from FY 2018 through FY 2020 and found that 26% of users with access to the case file management system were former city employees.
Both the South Dallas Drug Court and Oak Cliff Veteran’s Treatment Court are grant-funded institutions and handle cases involving substance abuse. The audit noted the material contained in the CaseWorthy records management system is sensitive.
That included treatment programs for defendants and treatment progress.
“I think we all can recognize that’s problematic,” Council Member Cara Mendolsohn said at the committee meeting on Monday.
The audit also found that paper and electronic case files “do not include complete and accurate records” of court participants progress or completion of treatment. In addition, the courts could not provide a reliable listing of participants who were enrolled in the program.
The audit pointed to a lack of “clearly defined written procedures” for financial activities that comply with city policies. However, these concerns are categorized as “low-risk” in the report.
This is not the first time the city had faced scrutiny for mishandling data. In 2021, a city information and technology services staffer deleted 22 terabytes of data from the city’s drives during a file migration from a cloud-based platform to an on-site archive.
Some of those files were recovered but over 7 TB were deemed “unrecoverable.” A report issued after the data deletion criticized the city for lack of policies surrounding data management.
This latest audit presents yet another problem with city management systems that could have put Dallas resident’s confidential information at risk.
“We need to get a better handle on who has access to what,” City Auditor Mark Swann said.
City officials have said that they are working to put more computer systems behind two-factor authentication.
Swann says that former employees accounts need to be deactivated faster.
“There’s always the possibility that anything could happen, so you want to make sure you’ve done everything you can do to prevent a bad activity from happening,” Swann said.
Bret Jaspers contributed to this report.
Got a tip? Email Nathan Collins at ncollins@kera.org. You can follow Nathan on Twitter @nathannotforyou.
KERA News is made possible through the generosity of our members. If you find this reporting valuable, consider making a tax-deductible gift today. Thank you.