Poor policies, processes, planning and oversight led to a Dallas IT employee deleting more than 8 million police department files, a city review released Thursday has found.
About 4.1 million photos, videos, audio, case notes and other items — or 7.5 terabytes of files — kept in a police storage archive have been permanently erased. Another 4.6 million files — or about 13 terabytes — were also deleted but could still be restored if the original copies are found on police laptops, cameras and other devices, according to the report released by the city’s IT department.
Police and the Dallas District Attorney’s Office have identified 1,000 criminal cases as priorities in the file-recovery process, according to the 131-page report, and nearly 17,500 cases may have been impacted. So far, the IT department has sifted through 142 cases and recovered more than 140,000 files that were thought to be permanently lost.
Dallas County District Attorney John Creuzot declined to comment on the city report Thursday. He said he hadn’t received an advance copy and first learned about it late from The Dallas Morning News.
A review to determine impacted criminal cases is ongoing, he said.
The city initially said 22.5 terabytes of archived data, involving cases dating back to 2018, were deleted in separate instances. But the report narrowed that tally to 20.7 terabytes.
The report doesn’t detail the impact of the erased files on Dallas police investigations or prosecutions in any of the five counties the city touches. It also doesn’t provide a clear explanation for why the now-fired employee deleted the materials, other than saying there was “an obvious misunderstanding or disregard for the defined procedures” on his part.
The city was in the process of transferring its data to cut storage costs from the cloud server. The employee “insufficiently assessed and documented” how risky it was to move the data in the way that he did, the report said.
The review found that the employee apparently ignored warnings in the city’s software system that he was deleting files instead of moving them from online storage to a city server, according to the report.
Three IT managers signed off on the data migration, the report says, but they either “didn’t understand the actions to be performed, the potential risk of failure, or negligently reviewed” what the employee was going to be doing.
Dallas has no rules for how employees should back up archival data. It also has never implemented the practices spelled out in the city’s data management strategy document, which is now out of date. The report concluded that the city has not prioritized best data management practices, including by ensuring employees are properly trained.
“The City understands the seriousness and potential impacts of this data loss, and we are committed to improving how we manage our data to ensure its security and integrity,” City Manager T.C. Broadnax said in a statement about the report. He noted the audit included recommendations to stop data from being deleted in error and to improve how the city manages its information.
Broadnax, in an August memo, outlined new policies in the aftermath of the files being erased, including requiring two IT employees to oversee the movement of any data and instituting a 14-day waiting period before files are permanently deleted. Broadnax also said city elected leaders will be informed of any data compromises within two hours of his leadership team learning about them. There was no such requirement before.
The report also offers other recommendations, including implementing rules mandating multiple copies and backups of files and ways to recover data.
The internal review began in August after Dallas County prosecutors learned about the missing police files. Broadnax, Assistant City Manager Jon Fortune, Chief Information Officer Bill Zielinski, Police Chief Eddie Garcia and several other top city officials were aware in April of files being deleted. The mayor, City Council and the public didn’t find out until the DA’s Office announced it in August.
That same month, city officials announced that it wasn’t the first time the employee had deleted files he was supposed to move, and that the total amount of missing police evidence was nearly three times the initial estimate. Shortly after, the IT employee was fired. He has declined to comment to The Dallas Morning News.
The loss of evidence and other police files has led to police officials calling for an overhaul of how the agency manages and stores its data, though a 2018 city audit had noted record-keeping concerns.
According to the city, the former employee was supposed to move 35 terabytes of archived police files from online storage to a physical city drive starting March 31. The transfer was scheduled to take five days.
But the process was canceled about halfway through after the employee instead erased 22 terabytes of files. The city said it recovered all but 7.5 terabytes.
The 4.1 million files in that batch came from several police department divisions, but the majority involved evidence gathered by the family violence unit, the report said. The audit confirmed that the city’s most violent cases were not affected.
Although city secretary files were also thought to be affected, the forensic audit determined that was not the case.
The city plans to bring in a law firm to oversee an outside investigation of the incident. The FBI’s Dallas bureau is helping the police department determine if the electronic evidence was deleted on purpose. A previous police investigation found no apparent criminal intent but couldn’t prove or refute if the files were intentionally erased.