Sensitive personal data published in document registers of state agencies

During a Garage48 hackathon held in Tallinn over the weekend, one participating team announced that they could not publish the results of their work as it contained too much personal data they had accidentally come across in state document registers. There are hundreds of such registers across Estonia, as each ministry, agencies, local governments and schools all have their own digital document registers.

The paper noted that while the Estonian Data Protection Inspectorate does check the security of document registers, it does so by hand, and checks are often followed by monitoring procedures and, less frequently, even fines for register administrators.

A similar problem was discovered back in April by Estonian startup Texta that created its own document registers analysis tool. Co-founder of Texta Silver Traat said they discovered a lot of highly detailed personal information in the documents register of the education ministry.

„We held a workshop as part of a language technology conference where we did what the state lacks the capacity to do itself. We downloaded 150,000 documents from the ministry’s document register and discovered that they held, among other things, people’s personal identification numbers, bank account numbers, addresses. We even came across some passport numbers,“ Traat described. He added that most of the information was from employment contracts.

This is the unfortunate side-effect of open data. For that data to be useful it actually has to contain at least some bits of personal data.

Links:
http://news.postimees.ee/4123431/stacks-of-sensitive-data-lying-unprotected
http://news.err.ee/597791/sensitive-personal-data-exposed-in-state-registers

Leave a Reply

Your email address will not be published.