Search behavior in corona systems GGD was only checked by sampling

GGDs only check who sees data in their corona systems on a random basis. As a result, large-scale theft of sensitive data could go unnoticed, said Minister Hugo de Jonge in a parliamentary debate. 8,000 employees had access to the data.

On Tuesday afternoon, the minister responded to research by RTL Nieuws in a debate in the House of Representatives. That wrote on Monday that large-scale trade took place in personal data that came from two commonly used ICT systems of the GGD when taking corona tests. The systems have been active since the summer. This is monitored ‘continuously’, said de Jonge, but that is not correct. In practice, only random checks are carried out to determine whether employees are incorrectly accessing data and there is not yet an up-to-date log system that continuously keeps track of which data is requested by whom. That system will not be ready until the end of March.

The minister also wrongly says that employees only had access when necessary. A total of 8,000 employees had access to it. This concerns employees of, for example, call centers who helped with source and contact research. The question is whether GGDs have done everything that ‘can reasonably be expected’ to stop the trade of data from corona databases. According to the minister, the GGD is not yet completely clear on the extent of the data breach. It is now clear that there was an export button in the systems that made it possible to download data. The GGD itself says that it has various ways of detecting abuse. Employees must submit a Statement of Conduct and sign a non-disclosure agreement.