An in investigation of RTL news has shown on Monday that it has been carried out a market on a large scale of millions of personal data of people who came in contact with the GGD, for example for an appointment for a COVID-19 test.
This data breach is about contact details of the address, telephone numbers and number of social security. The Dutch Authority has immediately asked to GGD clarifications. And it let it be known that the GGD must inform citizens adequately and quickly about the theft, including via the website and by opening an information line.
Careless
Aleid Wolfsen, the AP president said: “medical data, address, phone number and BSN of someone are really sensitive data. And they shall remain the same. Those information are very suitable, for example, for identity theft and phishing. Security shall comply the higher standards. If you do this in a insufficient way, you are careless and you can be responsible for this. You will risk not only a sanction from AP, but also a compensation claims by victims.”
The AP has regularly warned the governamen4t, but also the health sector, in the last years, need to comply with higher standards. This data breach shows once how is important the data protection.
The maximum level of priority.
Each organization, not only the government shall make the personal data security an absolute priority. The more you do with your data, the higher are the risks. And so, the higher level of protection of data must be.
Information about health are sensitive. The General Data Protection Regulation (GDPR) established that those data shall be further protected talking about for example, names and addresses.
Set of data.
During the coronavirus tests and the contact research, the GGD processes a lot of data of many people. Those data include name, address, city, phone numbers and number of services for citizens and the test result. All these data are actual and in a great amount. This is very important for criminals.
Many people are involved in test and in the research. So, you must protect your data very well. And you shall control if employees ask many data more than the necessary.
It is important to protect very well personal data and guarantee that they have not the access to all. The registration and the continue control are essential.
SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DEI PAESI BASSI