Major Dutch gov’t data leak includes private info from civil servants in all ministries

All ministries are involved in a data leak discovered on the Dutch government websites rijksoverheid.nl, openoverheid.nl and overheid.nl. The names of civil servants were inadvertently available in the metadata attached to 100,000 of the 500,000 documents examined. These are documents such as policy notes, reports, memoranda and other documents that are shared with the public under the Open Government Act, or WOO, according to a spokesperson for the Ministry of the Interior.

When documents were converted to the PDF file format, information about which officials and civil servants had edited the document could be found in the metadata, along with other pieces of information. This usually involved the proper names or usernames of officials, and sometimes also included telephone numbers.

Since the problem was revealed last week, steps have been taken to ensure the issue is not repeated. Personal data may still be present in older documents. In this case, ministries can choose to temporarily take these documents offline, said State Secretary Zsolt Szabó of Digitalization in a letter sent to Parliament on Friday.

“The first analyses show that approximately 23% of the published documents contain fields in the metadata which were wrongly filled-in. We are still working on completing the research in the coming weeks, and note that this problem probably goes beyond the publication platforms of the central government,” Szabó wrote.

The investigation into the extent of the leak is still ongoing. The Ministry of the Interior discovered the leak during an internal audit, and reported the issue to the Dutch Data Protection Authority on April 8 along with the Ministry of Housing and Spatial Planning.

Their report to the regulator was on behalf of five other ministries, with two more later joining in. The remaining six ministries contacted the regulator themselves.

“I regret that this data leak became known via the media before employees themselves, and your House, were informed about it,” Szabó wrote in a letter addressed to the chair of the Tweede Kamer, the lower house of Parliament. “The ministry first wanted to map out the size and impact of the problem properly, have a better idea of ​​what measures are needed to solve the problem ,and to shield as much personal data that had been published as quickly as possible.”

The Interior Ministry is also in contact with other governments because it is expected that other government websites have been affected by the same problem.