Data processing on the data analysis department was not logged or monitored, which can not be traced who has worked at what time sensitive data. The Tax Office has previously warned in March 2015 by consultancy LiquidHub. These sources have had sworn to Zembla know, according to the TV program. It was repeatedly stressed that the leadership must take measures to comply with the Data Protection Act. According to sources, the reports have disappeared in a drawer of the management. In March 2016 concludes the Public Audit (ADR) in a report that the security measures "not be implemented."
The Authority for Personal Data (AP) after notification of Zembla launched an investigation into the data security to the Tax. Wiebe Secretary, in charge of the Tax Administration, leaves in a written response to the TV makers know that applied to the Breeding Room "regular security". He admits that is not monitored which data processing is performed, but the loss or theft has not yet been identified, according to him. Remains according Zemlya unclear whether the security is now in order.
Who is responsible?
In response represents a spokesman for the Inland Revenue that it is unclear to the implementing agency on any ADR report Zembla relies. "We suspect that it is not a test of the current, existing security data analysis department, but an audit carried out in March 2016, was still an event for the department. In this opinion we could do in the security field, in addition to the general security measures applicable to the tax authorities. The report is the standard formulation: "these security measures are not implemented." This makes sense, because it is an advisory report for the creation of the data analysis department, "the spokesman said.
"In general I can say," the spokesman continued, "that we are careful with personal data and comply with the Data Protection Act. The Public Audit us also checks in this area. "
On the question of who exactly is responsible for the ICT security within the tax authorities, the spokesman did not directly answer surprisingly. "I suspect that falls under the protection of the ICT department. This is led by CIO Willy Rovers. " Rovers appears unavailable for comment today, because tomorrow, February 2nd 2017, a parliamentary debate taking place about the continuing problems with the tax authorities; the severance scheme and the recently published report on the organizational chaos in the executive authority.
Zembla investigative journalist Sander Rietveld proposes that the Tax with the audit story the problem is trying to "frame" in a certain way. "In March 2016 there was already three years working with sensitive data in the so-called Spawn Room. That a formal division was established only three years later, does not alter the fact that the tax had already had to comply with the Data Protection Act. Also reflected in the report of the Audit Empire that the data security all these years was not in order. "
After the ADR publication, there is a report published stating that the data security of the data and analysis department of the Tax Administration say the least to be desired. Rietveld: "This report comes from consulting firm Oliver Wyman, which suggests that much remains to be done in terms of data governance."
Accenture
Among the people who had access to the data were dozens of outside consultants from IT service provider Accenture. A company spokesperson announced that "all relevant rules and procedures for the project have been met." She also gives explanations on the partnership: "We have long project conducted three years in the field of performance management. This ran from December 2014 to January 2017. Our consultants gave advice in the field of data management, analytics and project management. "
The spokeswoman says that they can not speculate about who was responsible at the time of the project for the security. "We're just the party performing the contract and do not comment on security responsibilities within the implementing agency; This is with the tax authorities. " Strikingly Accenture the Tax and especially the Breeding Room and the now discredited data analysis department last year still crowned as "Innovator of the Year.
Chief analytics officer Cyprian Smits
Computable interviewed Tax chief analytics officer Cyprian Smits last year on the Breeding Room and data analytics and policy of the administration. In the interview Smits indicates that the data-driven innovation has been launched in 2012 with the tax authorities. This corresponds to the statement of Zembla investigative journalist Rietveld that the Tax works with sensitive data for more than three years. The claim of the Tax spokesman, the data analytics department only became a reality in 2016 and that worked only at that moment had to be so satisfied with sensitive data to the Data Protection Act, seems implausible.
No comments:
Post a Comment