The Texas Juvenile Justice Department follows numerous security compliance regulations when transporting data on the 1,200 youths it oversees.
For an agency that is required to keep 95 percent of its data confidential, following security compliance guidelines may be a challenge when that information must be transferred from one facility to another. The Texas Juvenile Justice Department (TJJD) was created in 2011 and shortly after inception, deployed file transfer technology to transport confidential files on each of the approximately 1,200 youths the department oversees all while meeting numerous security compliance regulations.
Stored data such as medical, education and personal records for the youths must meet state compliance regulations and other regulations like the Health Insurance Portability and Accountability Act and Federal Information Processing Standards, said Mac McLeod, the TJJD’s director of IT operations.
The TJJD's incarcerated individuals are held in one of the department’s six detention facilities located across the state, and those released on parole reside in one of its nine halfway houses, according to the TJJD website.
“When we talk about our kids, we’re talking about kids that are incarcerated in the state of Texas that have not committed adult crimes,” McLeod said. “So when we move a kid from one facility to another, we have to move all of their records with them.”
When youths are transferred to a different facility within the department, their data is transferred for access at the facility where they are to reside. Staff members like case managers do not have access to data on all 1,200 juveniles, however, each facility maintains a “master profile” of each individual that it houses.
McLeod said the department’s file transfer platform, Accellion, does not actually store any of the data it transfers, but instead provides the user with a direct link to the information. Because the TJJD is exempt from storing information in Texas’ state data center, all of its data is stored instead on the department’s on-site private cloud.
According to Accellion, deployment of the product in a private cloud environment requires a software download for functionality across the enterprise.
Although the TJJD has total control over its data, the department utilizes Accellion for sharing that information to permitted individuals outside the agency, McLeod said. For example, the youths' parents, medical personnel and legal counsel may have access to the sensitive records through the platform, but must have proper consent from the department before viewing the information.
McLeod said the original plan was to transfer the sensitive data via email, however, that would have required all TJJD staff members to have their email encrypted – a method that would have been costlier. But because Accellion doesn’t require moving the data over email, the staff’s email did not need to be encrypted, hence resulting in a cost avoidance for the department.
“We originally bought it to help us move data using email, but as we began to use it and determine what its capabilities were, we started looking at the different security requirements,” he said. “This was the only platform that we felt comfortable with meeting all the security requirements that we had to fulfill.”