Letter to the Child Welfare Minister

September 27 2014

Honorable Tracy McCharles,

Minister of Child and Youth Services
Ministry of Child and Youth Services

14th Floor
56 Wellesley Street West
Toronto, Ontario

M5S 2S3

 

Dear: Minister McCharles

The Foster Parents Society of Ontario (FPSO) has been the dedicated voice of the foster parents of Ontario for over twenty-Four (24) years; originally incorporated as the Foster Parent Association of Ontario (FPAO) in 1973, in 1980 FPAO became FPSO. We are the provincial body that represents over eighty percent (80%) of Ontario’s Foster Parent Associations, with over 4000 foster families relying on us to bring forward their concerns. In addition to all of our members in the public sector of child welfare we also have many private foster parents who when in crisis call us for support.

We are writing today to bring forward the concerns that our members have with the Child Protection Information network (CPIN) that the Provincial Children’s Aid Societies (CAS’s) are preparing to utilize. In particular, the FPSO and its members are concerned with the lack of security and accountability with CPIN surrounding the collection, storage, and accessibility of private information regarding foster parents and their families.

FPSO is aware that the jury in the Jeffery Baldwin Inquest has recommended that the Government of Ontario implement CPIN for all CAS’s in Ontario. We understand that the intent of this recommendation is to build a system that will facilitate the sharing of relevant information among CAS’s in order to protect the vulnerable children in Ontario. FPSO is also aware that CPIN was a recommendation of the Commission to Promote Sustainable Child welfare. FPSO understands that CPIN is intended to bridge the difference from one CAS to another by offering the same software package and practises to every CAS, and by standardizing terminology, documentation and best practises across the province. We also

 

understand that one of the goals of the system is to elevate the safety of Ontario’s vulnerable children by making individual information more accessible all across the province. FPSO supports these goals. However FPSO does not believe it is necessary to forfeit the safety and privacy of the foster parents in order to achieve them. We believe that sustainable child welfare is not possible without consideration and protection of foster parents’ interests. To be clear, FPSO does not oppose a system that allows the timely sharing of relevant information to authorised CAS personnel for the purpose of protecting vulnerable persons in care. FPSO’s concern is that CPIN in its current form does not provide meaningful or adequate safeguards to prevent unauthorised or inappropriate access to the highly sensitive personal information regarding foster parents ands their family members that will be stored within the CPIN database.

Improving CPIN so that it adequately protects the personal information of foster parents and their families would be an appropriate way to further the goals of sustainable child welfare while balancing the privacy interests of foster parents.

FPSO’s concerns with CPIN can be summarized as follows (and are set out in more details below):

  1. The Ministry must directly oversee the implementation and ongoing use of CPIN to ensure that appropriate policies and procedures to protect foster families’ private information are in place and are followed.
  2. Stronger protections must be put in place to block unauthorized and/or inappropriate access to foster families’ private information.
  3. The possible disclosure of information that has been gathered unethically.
  4. CPIN must include appropriate data security and encryption to protect foster families’ private information in their resource files (including financial and medical information).
  5. CPIN must include a workable and transparent process for foster parents to correct inaccurate or incomplete information within their resource files.

We have sought to bring forward our concerns to the provincial child welfare leadership. We have spoken to and or met with OACAS, the Privacy Commissioner, the leadership of the CPIN Project, and Deputy Ministry Alex Sarchuck.  We remain unsatisfied that the privacy rights of foster families, their legal children, and their foster children are going to be protected by CPIN as it currently exists. FPSO is not satisfied with the accountability structure of how the foster families’ private information will be collected, stored, and accessed in CPIN.

 

We urge the Ministry to take all necessary steps to amend and improve CPIN so that it addresses the concerns set out in this letter and provides reasonable and adequate protection over the highly personal and private information regarding foster parents and their families that will be maintained in the CPIN database.

Privacy Interests of Foster Parents

The child welfare system cannot function without foster families. Foster families give up a great deal of their privacy in order to foster, and they are required to share an intrusive amount of personal information just to be approved as a foster home. The personal and private information that foster parents (who are volunteers) are required to provide supersedes what an employee of any other organization would be required to share. The amount of highly intrusive personal disclosure and information in our foster family resource files far exceeds what the personnel file of an average employee would contain. Yet the safeguards for the foster family resource file are nowhere near that of an average personnel file.

Foster parents must share private information about their own personal history, as well as intimate details about their own legal children, and their extended families. All of this information is gathered within the Structured Analysis Family Evaluation (SAFE) and the SAFE home study. FPSO is unaware of any other role where the governing body may require disclosure of this extent of highly personal information. Yet it is required of foster parents. Foster parents have been required to put their own privacy aside and divulge their personal history, their financial information, and their medical information. The requirement to disclose this highly personal information means that our members are extremely vulnerable to any weakness in the system of collection, storing and accessing this information, since unauthorised access to or disclosure of this private information could be personally devastating to foster parents and their families.

FPSO has posed objections to SAFE from the time it was licensed to Ontario. SAFE originated with the Consortium for Children in California. Our objections have always focused on the intrusive nature of SAFE, including how the documentation is collected and stored and who has access to it. In response to these concerns, FPSO was assured by Kate Cleary, the Director of the Consortium for Children (CFC) of San Rafael, Californiawho wrote and own the rights to SAFE,that SAFE is to remain in a hard copy format, and to be stored as a confidential document to protect the personal information of foster parents and their families.

However, with the advent of CPIN the assurances given regarding SAFE will be compromised. The personal information in question will no longer be stored only in secure, hard-copy format, since CAS’s across the province are scanning their foster families’ hard copy files into the CPIN system in preparation for their go live dates. We require safeguards for the information. The scanning in of this information amplifies the risk to the foster family because the CPIN system will allow much more widespread access to foster parents’ personal information. As far as we know there are no active safeguards to protect the private information stored in CPIN. Without such safeguards, the potential invasion of privacy against foster parents and their families is simply unacceptable. CPIN must be improved and amended so that it includes dependable safeguards, policies and practises in place to not only protect against unauthorised and inappropriate access to foster families’ private and personal information.

We believe CPIN could be designed to respond to the challenges foster parents have regarding the collection, storage and access to their personal information. The policies written and practises related to CPIN should ensure that there are appropriate protections against unauthorised or inappropriate access to foster families’ personal information. Currently we are concerned CPIN is going to do just the opposite.

Proposed Changes to CPIN

1)      Direct Ministry Oversight

FPSO recognizes that CPIN is purely a software data tool; however, this tool is vulnerable to:

  • The Policies that govern its use. Policies must be written to protect all parties involved in the systems use.
  • Oversight, if there is not sufficient oversight, policies are ineffective, and possible misuse of the system is amplified.
  • Compromise of the day to day management of the system, due to a lack of firm oversight.
  • Collection, recording and reporting of information is vulnerable to user error or bias.

Without a dependable and ethical oversight CPIN will amplify the risks of privacy and confidentiality breaches within the province for all foster families. These risks may also be realized by the children the system serves, and the families of these children. The very people the network is designed to protect.

We understand that in its current version CPIN will be subject to internal oversight, with each CAS overseeing their employees. We are not satisfied that this is sufficient. The Ministry oversees Licensing and Crown Ward Review each year. The CAS’s do not perform these reviews themselves. Rather, the Ministry recognizes that it must provide external oversight of these processes. The same oversight requirements should apply to CPIN. FPSO proposes that the Ministry should provide direct external oversight of the implementation and ongoing use of CPIN to ensure there is no misuse of the CPIN system.

2)    Blocking Unauthorised Access

 

We understood during one of our first meetings with Wayne Chee, CPIN Project Director, that in order for any CAS staff to access CPIN that they will have to input a security code that is assigned only to them, which is based on their location and their designation within the CAS. We understand that if a staff tries to access information within CPIN that they should not have access to they will be given a “warning screen” that will tell them they are not entitled to access the information, and notice will be sent to their supervisor within the CAS. However the system will still allow them to access the information following the warning. We do not feel that a warning screen and a notice to a supervisor are sufficient. We would like to see the user blocked from access to the information they do not have clearance to see. Furthermore, we would like to see the notification not only go to the staff supervisor, but also to the party whose information was being pursued without clearance.

 

3)      Possible disclosure of information that has been gathered unethically.

FPSO is aware that the jury in the Jeffery Baldwin Inquest has recommended;

“Protection for CAS and their personnel from liability for disclosure when the CFSA permits or requires disclosure of records.” (Section 3 Bullet #5)

We are concerned about the risks this may pose to foster families, as this recommendation does not have requirement that the records in question only be those that have been accessed with proper security clearance. We would like to see a legal requirement that disallows the disclosure of information that was gathered without the proper clearance to access the information. We believe a requirement like this could minimise the risk of unethical access to our records.

4)      Improved Data Security and Encryption

Another area of concern for the FPSO is the lack of adequate data security and encryption for foster families’ sensitive personal information (including detailed financial and medical information about foster families) that will be stored on the system. We understand that this kind of information on an employee of any CAS would not be documented in a provincial software system without being encrypted, with a specific and high level of security required for access. The private information of foster families should not be treated any differently and should be protected by the same level of data security and encryption.

FPSO is aware that under the current system, most of this information is stored securely in hard copy format, in a locked file cabinet in the CAS office. Dumping all of this private information onto the CPIN system will significantly increase the risk of unauthorized access to this information. Those seeking access to this information will no longer have to physically attend the CAS office and be granted access to the locked file cabinet. Instead, anyone with computer access to the system will be able to potentially access this information. As noted, even personnel who do not have clearance to access this information will only be met with a warning screen and they will still be able to access and distribute this personal information. Furthermore, storing this information in digital format creates a possibility that the information could be obtained by hackers or others who wish to harm foster parents by improperly gaining electronic access to this information. Given these significant risks, it is imperative that CPIN include robust data security and encryption to protect the personal information of foster parents and their families. In particular, FPSO would like to see all financial and medical information relating to foster parents and their families secured in electronic lock boxes (a security system of encrypted files that cannot be accessed at all without proper authority and clearance from the Director of Resources). FPSO proposes that foster parents should be notified whenever their sensitive personal information (financial and medical information) is accessed through CPIN.

5)      Correction of inaccurate information

FPSO is concerned that CPIN does not contain any means for foster parents to correct any inaccurate information or untrue allegations contained within the resource files. Due to the nature of the child welfare system foster parents are constantly at risk of false allegations. With the vast amount of documentation that is collected and stored about foster families they are also vulnerable to having errors and misrepresentations recorded in their resource files. Historically a foster parent had the right to read their file and if they found errors or omissions, they were able to correct errors and/or have additional information added to the file to clarify what was originally documented. Currently foster parents retain their right to read their file, but due to the design of the CPIN software we understand there is no way to change or add to what has already been recorded. CPIN must include a workable and transparent means for foster parents to correct errors and omissions in their resource files.

Conclusion

Although FPSO has concerns with CPIN at present, we do understand the underlying reasons a system like this one has been sought. FPSO is not opposed to a system like CPIN being implemented to allow the sharing of appropriate, relevant information for the purpose of protecting vulnerable children in care.  FPSO’s concern is that CPIN in its current form does not adequately protect the privacy interests of foster parents and their families. FPSO’s position is that goals set out in the Baldwin Inquest Recommendations and elsewhere can be achieved without a wholesale sacrifice of the privacy rights of foster parents who provide front line care for Ontario’s most vulnerable children. We urge the Ministry to consider the concerns set out in this letter regarding how CPIN will be used, what the associated policies are, and what the oversight will be. FPSO would like to see policies that protect foster families, oversight that is transparent and dependable, use management that is as respectful of our foster family resource files as any other employee would want for their own personnel files, and appropriate data security and encryption for all private information that is not relevant to case management of a placement. If these policies, procedures and protection were in place, FPSO would be able to support the transition to CPIN.

Currently some foster parents are going to their local CAS to decline having their files inputted into CPIN, they have been told it is not an option, if they want to foster there is no choice. We would like to be able to let these foster parents know that privacy and safety provisions have been made for them.

However without any of these issues addressed, FPSO’s position is that CPIN is not in the best interest of the foster families, their children or their extended families.

We thank you for your consideration of FPSO’s concerns and we request the opportunity to meet with you to further discuss the changes needed to protect our members at your earliest convenience.

 

Respectfully Submitted:

Cecile Brookes                                                    Vanessa Milley

Cecile Brookes                                                                        Vanessa Milley

President,                                                                                Governance and Policy Chairperson

Foster Parents Society of Ontario                                           Foster Parents Society of Ontario