Come on we both know the secure board portal only existed in two places, on FCSLLG's open source website hosted on an U.S. server in Michigan and in the minds of the board members...
:::
Here are the top 5 reasons for which you shouldn’t opt for a WordPress site if your part of a government funded multi-billion dollar private corporation with a legal obligation to protect client information:
WordPress is an open source software. It is free in the sense of freedom not in the sense of free beer. ... Open source software comes with the freedom for you to use, modify, build upon, and redistribute the software in any way you like without paying any fees.
What are the disadvantages of using WordPress?
WordPress is the most popular content management system. This fact alone makes WordPress a prime target for hackers everywhere. As a matter of fact, according to a Sucuri report WordPress is the most hacked CMS platform worldwide. (Talk about putting children and clients at risk...)
Disadvantages of A WordPress Website.
Without a doubt, WordPress is the most used Content management system (CMS) in the world. With millions of users, it is widely praised and appreciated for its advantages. But, while the hype is still strong, many people overlook or are not aware that WordPress has certain weak points that might make them reconsider their decisions or options.
1. Vulnerability
Unquestionably the biggest disadvantage of WordPress is its security. WordPress is an Open Source platform, and it relies heavily on plugins and themes for customization. Both the plugins and the themes are developed by different people and companies and since there isn’t anyone monitoring them, they can easily contain bugs or malicious code lines. On top of this, as stated above, today, WordPress is the most popular content management system.
This fact alone makes WordPress a prime target for hackers everywhere. As a matter of fact, according to a Sucuri report WordPress is the most hacked CMS platform worldwide. (so much for not putting their "clients" at risk)
2. Can be expensive
While the WordPress itself is free, when looking at the whole picture there are significant costs. WordPress relies on plugins and themes for customization, and while there are some that are free, they are not always reliable or safe. Furthermore, if you want your website to stand out and your visitors to have a great you have to buy a theme, as the free ones are overused. With numerous updates coming out constantly, it can become quite expensive to keep your website up to date. Naturally, if you’re a WordPress designer, or have the knowledge you can make a lot of adjustments yourself, but most people need to use a plugin or a well-developed theme.
3. Needs frequent updates
Simply installing WordPress, is going to help you very much as this platform requires a theme and at least several plugins to work properly. WordPress updates can often render parts of your theme or some plugins usable. The more plugins you use, the more likely it is for you to encounter more compatibility problems. The whole maintenance process in WordPress can be quite challenging, and you have to be ready to make adjustments to your plugins and theme in order to have a functional website. If you don’t have the budget or the knowledge (design, programming), giving the fact that in general WordPress doesn’t offer support, and solutions can only be found on WordPress forums, chances are that you should choose another website solution for you.
4. SEO friendliness
WordPress is definitely an SEO friendly platform, but so is virtually any open source CMS. However, for the people with little to no SEO experience and knowledge, WordPress can create quite a few problems. Probably the most known one is caused by the WordPress’ category and tagging system. If the content is over-tagged or marked into many categories, Google will flag it as duplicate content, a fact that will affect your SEO rankings.
5. Customization needs Coding
To make certain change your WordPress site, you have to possess HTML, CSS and PHP knowledge. If you want to personalize in a unique way, or to enhance its design, you may find yourself needing to write numerous complicated code lines. If you’re in the category of people which possess the knowledge, things can go down smoothly, but if you try to write code without having the right expertise — most people in this category, you can make a lot of damage to your website.
Website builders are a perfect solution for - individuals and small businesses - to start a website without hiring a developer. However, finding the best website builder can be tricky for beginners.
Flaherty McCarthy LLP: Our Firm has chosen to represent Class Members in several important Class Proceedings. These claims have involved mass torts, Consumer Protection issues and privacy breaches.
We have recently successfully certified a privacy breach class action involving the Children’s Aid Society of Lanark, Leeds and Grenville.
We have successfully prosecuted the following claims:
Wilkins v. Rogers Communications Inc., 2008 CanLII 56715 (ON SC)
Rowlands v. Durham Region Health, et al., 2011 ONSC 2171 (CanLII)
Travassos v. Tattoo, 2011 ONSC 2290 (CanLII)
Drew v. Walmart Canada Inc. 2017 ONSC 3308 (CanLII)
We are in the process of prosecuting the following claims:
Blood-borne disease exposure: Rizzi v. Dr. Vivek (Vick) Handa, Upper Middle Dental and Vick Handa Dentistry Professional Corporation
Solicitor’s Negligence claims against three Immigration Lawyers: Hohots, Jaszi and Farkas
Medical Device and disease exposure: Nardi v. Sorin Group Deutschland GMBH
We remain committed to commencing and prosecuting valid and important claims that are best served by a proposed Class Proceeding.
Should you have an issue or concern that may be shared by others, such that a Class Proceeding may be appropriate, please contact:
In Toronto, contact Sean Brown.
In Whitby, contact Todd McCarthy.
:::
FROM THE TRIAL TRANSCRIPT:
So who does FCSLLG go to first with a security problem, their web-designer - obviously...! (forget the ministry and it's "cyber-experts a plenty" who could have rendered assistance)
IS CORPORATE INTERNET SECURITY JUST A WEBSITE OPTION YOU CAN FLIC ON OR OFF?
PAGE 26:
Q. So, you become aware of the problem. Who is the first person that your Organization retains to try and find out, how did this confidential information get out there?
A. As I indicated earlier, we were already under contract with a company that was working on our website, and that was upgrading it, and redesigning it for us. So, they were the first people we called to help out.
Q. Do you know who that was?
A. Laridae is the name of the company. (Lemay)
Q. Okay, and what did they conclude?
A. I’m sorry?
Q. What did they conclude the problem was?
A. Once again, you know, I can only tell you what I understand of the situation.
Q. That’s all I’m asking you to tell me.
A. What I’m told is that when the website had initially, or originally been set up, that some of the security features had not been put into activity, you know, turned on.
Q. You are not sure what that security feature is?
A. I do not – no, I could not comment on that.
Q. So, when is the day that you find out that there has been a security breach? Do you recall what day that was?
PAGE 29/30 -
RAYMOND LEMAY: I was just repeating what had been explained to me. That the security features of the website, when it was first installed, had not been turned on. That’s what was explained to me, and I am just repeating what I heard.
Q. So, all you know is whoever C.A.S. retained for you working in your position did something incorrectly with respect to the website that caused this issue?
A. That’s what, that’s what I understand, yes.
Page 29:
Lemay believes internet security is an option that comes with a website - an option that FCSLLG had never turned on even after the first breach of alleged security leading to the second breach of alleged security...
https://unpublishedottawa.com/letter/247562/alleged-ontario-cas-hacker-trial-update-190814
:::
A SCREENSHOT OF A LINK POSTED ON FACEBOOK LEAD TO A LIST OF 285 CLIENT NAMES POSTED ONLINE... April 19, 2016.
"We suspect it was a hack. It might not have been a sophisticated one," says Ray LeMay, the organization's executive director.
"It could have been that the (website's) security wasn't very good on our side. And I suspect that is the case," he adds.
Lemay admits the report was on the FCSLLG's website but says it was hidden behind several layers of security including a password given only to the organization's board of directors.
"You have to go through the back door. You have to be looking for this," he says.
This is the second time in about three months that the organization has had to take down its website because of security concerns. An outside expert (project manager Margret Row's son-in-law) was brought in after a February scare to better secure the website. No sensitive information was revealed or even in danger in the first breach, Lemay says. He says they made the changes and were told the website was secure.
But a woman, who CTV cannot name because she has been referred to children's aid, says the link to the report was publically available. She says she found the link in several locations online and thought it was like all the other FCSLLG documents on its website.
:::
"Ontario's children's aid societies grappling with how to monitor privacy breaches." Why?
In 2013, the former Privacy Commissioner of Ontario, Anne Cavoukian, again called on government to pass new legislation that would require oversight from the privacy commissioners office in order to ensure that the sensitive data being managed by these agencies was being properly handled and secured and was again ignored by Ontario's liberals.
Child welfare workers who pry into electronic records of youth in care are difficult to track, critics warn, with an alert system for possible privacy breaches used only on select files.
The now former and last Advocate for Children Irwin Elman said in an email before the office of the was closed by the Ford government, "Even though there are strict rules for accessing records, inappropriate searches can happen without anyone knowing about it.
As children's aid societies move toward a new centralized database, access to most records from across the province — and not just from within an agency — will soon become searchable to workers.
While the Child Protection Information Network (CPIN) database streamlines information collecting and sharing, it can also bring the "possibility for seemingly unfettered access" to sensitive files of youth in care, said Yuan Stevens, a former Ontario Crown ward and researcher at the Berkman Klein Center for Internet and Society at Harvard University.
Youth should be told in a "no-nonsense way" how their files are protected by legislation, and who has seen their file over time, she said. Stevens grew up in foster care in Orangeville, Ont., and in the fall will return to her studies at McGill University's law school, where she is specializing in technology law and privacy issues. She said privacy risks that existed in previous systems can increase in a centralized database.
The challenge of tracking privacy breaches isn't unique to the new system, as previous independent children's aid society databases faced the same problem, according to Elman.
CPIN gives workers access to care history information in a youth's file within their department. The youth's health, criminal and legal records are blanked out in the file and require special permissions to access.
Only restricted files, which are few in number, trigger email notifications to a children's aid society supervisor when an unauthorized person views a record. Youth who have "aged out" of the system are also searchable because there is no retention period for child welfare files.
***Is comprehensive internet security just an option on a free website builder tool or is there dedicated security hardware and software for the job?***
Meet the ISG Series Integrated Security Gateway. It's just one of the many solutions on the market to protect everything from extremely sensitive corporate data to confidential client information.
The ISG Series Integrated Security Gateways are ideally suited for securing enterprise, carrier, and data center environments where advanced applications, such as VoIP and streaming media, demand consistent, scalable performance. The Juniper Networks ISG1000 and ISG2000 Integrated Security Gateways are purpose-built security solutions that leverage a fourth-generation security ASIC, along with highspeed microprocessors to deliver unmatched firewall and VPN performance. Integrating best-inclass firewall, VPN, and optional Intrusion Detection and Prevention, the ISG1000 and ISG2000 enable secure, reliable connectivity along with network-and application-level protection for critical, high-traffic network segments.
Network segmentation: Security zones, virtual systems, virtual LANS and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.
Optional Integrated IDP:
The ISG Series firewall/VPN with IDP uses the same award-winning software found on Juniper Networks IDP Series appliances.
The IDP security module combines eight detection mechanisms, including stateful signatures and protocol anomaly detection.
The ISG with IDP defends against security threats such as worms, trojans, malware, spyware, unauthorized users and hackers and can provide information on rogue servers and data on applications and operating systems that were inadvertently added to the network. Application signatures enable administrators to maintain compliance and enforce corporate business policies with accurate detection of application traffic.
The ISG Series Integrated Security Gateways
Read more: Ontario's children's aid societies grappling with how to monitor privacy breaches.
:::
Quick Read: Ransomware attacks hit two Ontario children's. Officials with the other agency. 2018.
Family and Children’s Services of Lanark, Leeds and Grenville — claim to have seen an English ransom message flash on their computer screens, demanding $60,000, when they tried to access their database in November.
The computer virus attacked while the Lanark agency was uploading its data to a centralized database known as CPIN alleges Raymond Lemay.
:::
"[A]buse of process (is) the intentional use of legal process for an improper purpose incompatible with the lawful function of the process by one with an ulterior motive in doing so, and with resulting damages."
"In its broadest sense, abuse of process may be defined as misuse or perversion of regularly issued legal process for a purpose not justified by the nature of the process."
Abuse of power, in the form of "malfeasance in office" or "official misconduct," is the commission of an unlawful act, done in an official capacity, which affects the performance of official duties. ... Abuse of power can also mean a person using the power they have for their own personal gain.
The act of using one's position of power in an abusive way. This can take many forms, such as taking advantage of someone, gaining access to information that shouldn't be accessible to the public, or just manipulating someone with the ability to punish them if they don't comply.
Covert and overt abuse of power: Covert: covert means that something is hidden, in the case of power, it would mean that someone is concealing their abuse of power from the public/other service users/other care workers. Covert abuse of power can happen in any setting.
Representing FCSLLG in the class action is Fasken who was present at Miss Denham's college hearing and present at the criminal proceedings making suggestions a'plenty.
Fasken formerly Fasken Martineau DuMoulin, is an international business law firm with approximately 700 lawyers and offices in Vancouver, Surrey, Calgary, Toronto, Ottawa, Montréal, Québec City, Beijing, London and Johannesburg. On 29 November 2017, the firm announced that it is changing its name to Fasken.
(I bet Fasken lawyers don't come cheap)
:::
Please draw your attention to Note 3 in the 2019 FCSLLG financial statements, which indicates that the Society's operating fund expenses exceeded revenues by $1,114,539 during the year ended March 31, 2019 and, as of that date, the Society's current liabilities exceeded its current assets by $3,827,221.
As stated in Note 3, these events or conditions, along with other matters as set forth in Note 3, indicate that a material uncertainty exists that may cast significant doubt on the Society's ability to continue as a going concern.
Our opinion is not modified in respect of this matter.
MATERIAL UNCERTAINTY RELATED TO GOING CONCERN
At March 31, 2019 the Society had a negative working capital of $3,827,221 and the operating fund expenses exceeded revenues by $1,114,539, which when added to the operating fund excess of expenses over revenues incurred in the last 3 years, resulted in an accumulated operating fund deficit
of $3,364,522.
The Society requested a temporary increase of $120,000 to its line of credit near year end to meets its obligations and its balanced budget fund was fully depleted during the year ended March 31, 2018.
4. ACCOUNTS RECEIVABLE
2019 2018
Due from other societies $ 51,581 $ 82,698
Ministry of Children, Community and Social Services 11,063 621,644
Interfund 597,352 613,539
General 426,869 307,519
$ 1,086,865 $ 1,625,400
ONTARIO BROADER PUBLIC SECTOR (BPS) SUPPLY CHAIN CODE OF ETHICS
Goal: To ensure an ethical, professional and accountable BPS supply chain. Personal Integrity and Professionalism.
(after refusing to register with the College of Social Work and refusing to just willing cooperate with the Ombudsman or the former Child Advocate - is this compliance how the society justify calling themselves professionals?)
Individuals involved with Supply Chain Activities must act, and be seen to act, with integrity and professionalism. Honesty, care and due diligence must be integral to all Supply Chain Activities within and between BPS organizations, suppliers and other stakeholders.
Respect must be demonstrated for each other and for the environment. Confidential information must be safeguarded. Participants must not engage in any activity that may create, or appear to create, a conflict of interest, such as accepting gifts or favours, providing preferential treatment, or publicly endorsing suppliers or products.
Accountability and Transparency
Supply Chain Activities must be open and accountable. In particular, contracting and purchasing activities must be fair, transparent and conducted with a view to obtaining the best value for public money. All participants must ensure that public sector resources are used in a responsible, efficient and effective manner.
SCMA™ Code of Ethics for Professionals in the field of Supply Chain Management.
Affecting and Accepting Responsibility
:::
Unfair or Indefensible - Costs Against C.A.S.?
On behalf of Gene C. Colman Family Law Centre posted in Child Welfare on Tuesday, January 7, 2014.
There is a presumption that a successful party is entitled to the costs of a motion, enforcement, case or appeal (Ontario Family Law Rules, R. 24(1)). There is, however, no such presumption for costs in a child protection case (Rule 24(2)). Does that mean that a successful parent can never obtain a costs order against a children's aid society? Let us delve a little further.
The lack of presumption for costs is perfectly understandable. The Courts have been hesitant to impose cost orders against children's aid societies as they are faced with the difficult statutory duty of protecting children from harm and the law tells us that they should not be punished (through costs orders) for errors of judgment. A further reason for courts rarely awarding costs against societies stems from the view that societies should not be discouraged from taking action because of the risk of an adverse costs order.
Rule 24(2) does not give children's aid societies the authority to behave with impunity though. The courts have (and will) order costs against children's aid societies in limited circumstances. For example the 2013 matter of Catholic Children's Aid Society of Toronto v. SSB awarded costs to the mother and Office of the Children's Lawyer for the procedural failings of the CCAST. This case affirms the courts' approach in awarding costs against children's aid societies in that a society will not be shielded from costs where its behaviour is "unfair or indefensible or where exceptional circumstances exist".
In SSB the CCAST sought disclosure of "clinical investigation notes" from the OCL. The OCL claimed that the requested documents were subject to solicitor-client privilege and therefore could not be disclosed as the disclosure would amount to a serious breach of trust between the OCL and the children. The prevailing concern was that the CCAST had sought to obtain the privileged documents on three separate occasions (only to withdraw their motion before a decision could be delivered) and had put the mother and OCL to considerable expense in defending the motions. The judge considered that the repeated attempts to obtain disclosure was tantamount to an abuse of process and verged on acting in bad faith. The judge, most helpfully, summarized the responsibility of the CCAST as follows [at paragraph 12]:
... Like any other litigant, the society must conduct itself according to the rules. It is given broad investigative scope, and cannot and should not be liable for costs for actions it takes in good faith in its duty to investigate cases. That, however, does not give a society licence to ignore the general rules of procedural fairness. When it does, it should be liable in costs.
The CCAST matter also made reference to the 2005 decision of Children's Aid Society of Niagara Region v. B. (C.), which provides guidance for the circumstances when children's aid societies should and should not be liable for costs. These can be summarized as follows [paragraphs 89-100]:
1. Bad Faith Not Required: To attract an adverse award of costs, a children's aid society need not have acted in bad faith;
2. Fairness: Costs may be awarded against a society, "where it conducts itself... in a way where it would be perceived by ordinary persons as having acted unfairly";
3. Indefensible Behaviour: Many cases hold that a children's aid society should only be visited with an adverse award of costs where it has taken a step or position that is "indefensible", ie. "admitting of no defence".
4. Exceptional Circumstances: There is a line of decisions holding that costs should not be awarded against a society "unless exceptional circumstances exist";
5. Error in Judgment not sufficient to attract costs: A society should not be punished for a mere error of judgement (an error of judgement can truly arise only where one has considered all courses of action reasonably available at the time);
6. Society Not to Be Dissuaded by Costs: A society should not be dissuaded from its statutory mandate by costs considerations;
7. Society to Re-assess Its Position: A children's aid society must be even-handed and act in good faith. To this end a society must be prepared to re-assess its position as an investigation unfolds and more information becomes known;
8. Accountability: "Children's aid societies must be accountable" for the manner in which it investigates a case and in the way it chooses to litigate that case (one method of achieving accountability is through costs sanctions);
The judge in CASNR tells us that a society can attract an adverse costs award where it fails in any of the following seven areas (paragraph 102):
1. Investigation before apprehension;
2. Continued investigation after apprehension;
3. Consideration of all appropriate protective measures;
4. Formation of a fair and defensible position;
5. Reassessment of that position as circumstances warrant;
6. Use of properly trained workers; and
7. Accessing independent experts in the field of child psychology.
This more critical approach adopted by some courts should provide some modest encouragement to parents who have been subjected to biased investigations or litigation undertaken by a children's aid society where the C.A.S. actions were patently unfair or indefensible. These factors should be relevant not only to a costs determination but also to the expected standard of care to which child protection authority must adhere. Holding these agencies accountable to such standards should hopefully be encouraged by the case management judge as the case unfolds.
If you have a matter where a children's aid society has acted unfairly, indefensibly or there are exceptional circumstances, you may benefit from a consultation with our experienced child welfare lawyers.
Tags: CAS, Child Custody, Child Protection, Child Welfare, Children's Aid Society, Costs, Procedural Fairness
Related Posts: THE EASTER BUNNY AND C.A.S. ABUSE OF POWER, Do's and Don'ts of a CAS Apprehension of Your Child, C.A.S. Attitude: Win child welfare cases at all costs, PROPORTIONALITY, SUMMARY JUDGMENT, SELF REPRESENTED CHILD WELFARE LITIGANTS
No comments:
Post a Comment