Thousands of civil servants can easily access private data of some 4.1 million people who are or have been clients of benefits agency UWV. This is the conclusion of specialists at KPMG, who conducted their own research into this at the UWV's request, according to newspaper Trouw.
It involves sensitive data on 1 million benefit recipients and another 3.1 million or so people who have been UWV clients in the past. This data is freely retrievable by thousands of civil servants who have access to the Sonar system used by the UWV, which the benefits agency has been using since 2005. This system does not comply with any of the principles in the AVG (General Data Protection Regulation), according to KPMG.
Curious officials can request information about benefits that people receive and the guidance that benefit recipients receive from the UWV. Personal data such as name, address, citizen service number, nationality and date of birth can also be requested via Sonar without any problem. This must stop immediately, according to the KPMG researchers.
IT specialist René Jan Veldwijk tells Trouw that within the UWV it has been known for years that the Sonar system is flawed, but that no one cares. No one at the agency has ever been fired because the privacy of clients is not protected. People prefer to leave it as it is, because otherwise thousands of people would no longer be able to do their jobs.
UWV Director of Information Services Karin Menses says Sonar was built in 2005 and the very idea then was that data could be exchanged easily. It is also not easy to modify so that only authorized persons can have access. However, the agency does promise that data from before 2015 will be removed.
