The Information Commissioner (IP) invites once again the authorities to verify the notification methods of documents and to ensure that the (whole) decisions or documents are not published into the eGovernment national portal.
IP, on the 17th of December 2020, invited all the Authorities to verify as soon as possible the notification of documents and to guarantee that the decisions and the documents were not published on the eGovernment national portal, but only messages on the services which does not include personal data, in accordance with article 96 of the ZUP.
After the publication of the press release and the issue of notices, the IP has received many notifications of personal data breaches reported by many different public bodies according to article 33 of the General Data Protection Regulation (GDPR) after a revision of their posts.
In all the cases, the wrongly published documents were the result of unintentional human errors. In case of bodies in which there was a higher number of wrongly publications, it was found that they were enabled to publish on the public eGovernment portal in two ways:
- by the eGovernment national portal, which is usually carried out by chiefs of organizational units after the registration with a digital certification;
- by the app SPIS, which can be carried out by all the users of this application who are authorized to send documents.
In order to increase the security of personal data and reduce errors, the IP to the Ministry of Public Administration suggested not to publish it by default on the eGovernment national portal through the application of all authorities, but only to those who justify the need for this functionality and have an appropriate internal manual governing the procedure Service via this application, and all employees who dispatch documents are informed.
Whereas errors are also directly through the eGovernment national portal, the IP proposes to all public sector bodies to take internal procedural guidance for the publication of documents on the eGovernment national portal, taking into account the specifics of the organization and sectoral legislation and ensuring that the instructions are respected by everyone authorized to Publication of documents on the eGovernment portal.