Experts are commenting on the letter that victims of the data breach at the population screening for cervical cancer received this week. They say it complies with the law, but is concise. “A bit of a standard PR message”.
The letter was sent to the more than 485,000 people whose data was stolen in a hack. Among other things, names, addresses, dates of birth, social security numbers, names of healthcare providers, and results and self-tests were stolen. Telephone numbers and email addresses were also stolen from some.
The data was stolen in early July at the Rijswijk laboratory Clinical Diagnostics, but the hack was only announced last week. The laboratory performed the tests for Population Screening Netherlands, which was only informed at the beginning of August. That organization sent the letters at the beginning of this week. Privacy First board member Steven Derks finds it worrying that it took so long for the hack to be announced. “As a result, those affected were not informed for a very long time.”
Rules apply to the letter that was finally sent this week. For example, in the event of a data breach, an organization must explain in clear language what has happened, what the consequences are, and what measures have been or are being taken, in accordance with privacy legislation. A contact option must also be offered.
“All mandatory elements are in the letter,” responds Professor Anna Berlee (data protection and privacy law). But she does think it could have been more extensive. For example, when it comes to the measures that are being or have been taken by Population Screening Netherlands to minimize the risks that have arisen. This information can partly be found on the websites to which reference is made. Berlee thinks that some of this could also have been included in the letter.
Mainly general information about the risk of fraud
“I think there is very little in it,” responds Derks. For this reason, he calls it “a bit of a standard PR message.” He finds it striking that it only contains one paragraph about the fraud that can take place with the leaked data, and that the information is also very general.
“It is possible that malicious parties will misuse illegally obtained personal data,” writes Population Screening Netherlands in that paragraph. “Therefore, it is important that you always remain alert to possible fraud.” Then it quickly refers to the website of the national government. “I think that is very meager when you see what data has leaked,” says Derks. “I don’t think many people would go to such a website.”
“A general call to be alert to fraud is insufficient,” says lawyer Sven van Dooren (Louwers IP & Tech Advocaten). The law firm he works for receives many worried emails from victims. “Especially with sensitive data such as the social security number and medical information, concrete information and advice is needed – and also legally required – to allay the concerns.”
Cybersecurity professor Marianne Junger also finds the message “pay attention” insufficient. She thinks it is better to specify what people should pay attention to. “What is phishing? How do you recognize it?” She would like it if it were explained how people can recognize a wrong URL. “All other things, such as typos and strange questions, are noticeable.” In addition, she believes that people who could be contacted by telephone should be given extra information. It is not clear from the letter whether your telephone number has leaked or not.
Population Screening Netherlands calls itself “not an expert in the field of informing/warning” in a response to the criticism. For this reason, the organization decided to refer to government websites.
Concrete examples are missing
More information and examples can be found on the government websites. But Derks emphasizes that it would have been good if Population Screening Netherlands had made it much more concrete how criminals could operate.
He recalls a data breach at a cinema chain where this was done well. If you receive an email from that organization at any time of the year asking you to participate in a competition, you immediately understand that it is phishing. But if you have just been to the cinema that week and it says “thank you for your visit, this week you have a chance to win a prize”, it feels much more convincing for people. Population Screening Netherlands could also give such examples.
Derks emphasizes once again that the hackers have stolen a lot of data. With this, malicious parties can present a very convincing story to scam someone. “I think there is a good chance that many people will be scammed,” he concludes.
Van Dooren points out that the consequences can also go beyond fraud: “I have spoken to victims who fear that their address has leaked and who are threatened by their ex-partner. This letter offers them no support whatsoever.”