Sensitive personal data exposed in state registers
IT specialists have discovered that the public document registers of state agencies are teeming with sensitive personal data, ranging from home addresses and passport numbers to degrees of disability.
During a Garage48 hackathon held in Tallinn over the weekend, one participating team announced that they could not publish the results of their work as it contained too much personal data they had accidentally come across in state document registers, reported daily Postimees (link in Estonian).
There are hundreds of such registers across Estonia, as each ministry, agencies, local governments and schools all have their own digital document registers.
The paper noted that while the Estonian Data Protection Inspectorate does check the security of document registers, it does so by hand, and checks are often followed by monitoring procedures and, less frequently, even fines for register administrators.
"Once a year we take on the supervision of document registers on a larger scale and conduct monitoring of document registers which covers a large number of institutions simultaneously," said Estonian Data Protection Inspectorate PR Advier Maire Iro.
Editor: Aili Vahtla