Meeting all standards
‘CBS handles huge quantities of data on individuals in order to produce statistics’, says Max Booleman, Data Protection Officer at CBS. ‘We must treat these with great care and we take many appropriate measures to that effect.’ Booleman is responsible for ensuring that the privacy of individuals remains guaranteed during the process of compiling statistics. ‘Having an external body look at our working methods gives us even more certainty.’ PwC conducted the audit based on the standards laid down by the Dutch Data Protection Authority and found CBS to comply with all of them.
Making personal data secure is not merely a question of having a secure IT infrastructure in place. It is also a matter of following correct operational procedures. How do staff handle data? How does CBS ensure that information cannot be traced back to individuals? Who have access to which information? How do you prevent unauthorised access to the building? All these issues were under investigation during the audit.
More and more data
In order to ensure safe handling of all data and privacy-sensitive information, CBS has adopted three points of departure. Booleman: ‘To begin with, we remove any directly identifiable personal data from databases as soon as we receive them, such as Burgerservicenummers (personal ID numbers). Second, we make sure that staff only have access to the files they need to work on. Finally, we never keep files which we are no longer using. For example, we receive information from the tax authorities; as soon as that has been processed, the source file will be destroyed. This prevents proliferation. We use the same three points of departure to handle the growing volume of big data at CBS.’
Awareness and transparency
For the departments concerned, the audit was an intensive procedure. Ms. Irene Salemink, director at the department maintaining business registers, explains: ‘We were very well-prepared. During the audit, staff were interviewed and the audit committee was checking whether we actually do as we say we do. It was an intensive and exciting process. Moreover, it has led to a great many new insights. The audit process has led to even higher awareness and further transparency within our department. We find this extremely important. Data volumes are forever increasing, and so is the complexity. This makes it particularly important to maintain a manageable overview and ensure permanent protection of company and personal privacy.’