Data security a permanent item on the agenda of NSIs

/ Author: Miriam van der Sangen
© Hollandse Hoogte / EyeEm Mobile GmbH
In its role as a data hub, Statistics Netherlands (CBS) has access to a large number of government registrations, survey data, big data, etc. The same holds true for other national statistical institutes (NSIs) in Europe and for the statistical office of the European Union, Eurostat. The public trusts these organisations to handle these data with great care. It is vitally important for these organisations to have proper data security management in place What are the security risks, and what measures should be taken to minimise them?

Secure data exchange

Data and information systems are the lifeblood of national statistical offices, Eurostat and the European Commission. Pascal Jacques, IT Security Officer for Eurostat and the European Commission: ‘Safe and reliable exchange of information, data, software and services between member states and Eurostat, and between member states themselves has a high priority. Some years ago, we discovered that European statistics offices apply different IT rules and standards to the exchange and storage of data and information. This prompted the 2012 conference of IT Directors of the European NSIs to establish a working group on IT security and secure data exchange. The result was the ESS IT Security Framework, within which participating partners all use the same rules and standards.’

Cyber attacks

The CBS recently became the first NSI in Europe to be certified as complying with the ESS IT Security Framework. Pascal Jacques: ‘CBS certainly deserves to be congratulated on this. All NSIs in Europe must be certified by October 2019. This is very important: data exchange is increasing, the data concerned are often very sensitive, volumes of data are increasing and are being shared increasingly widely. It is essential that we protect these data, as security risks and thus damage to our reputation are a constant threat.’ As Jacques explains, it is not only the NSIs that are affected by cyber attacks by hackers, for example. ‘They also affect Eurostat and the European Commission. Our data and technical facilities are of interest to others, for example for purposes of espionage or to encrypt information.’

European consultation

The NSIs and Eurostat meet regularly to discuss information security. In June this year, for instance, the IT Directors of the NSIs convened at CBS premises in The Hague, where Pascal Jacques gave a presentation on IT security. Earlier in May, IT Security Officers of the European NSIs met in Barcelona. ‘That meeting addressed exchange of microdata on imports and exports between the European statistical offices and Eurostat. Until now these data have only been exchanged at aggregated levels; exchange of microdata will hopefully start by the end of this year, provided the relevant legislation is in place. This means that even more attention must be paid to information security and the collaboration between the European NSIs, an issue which will continue to be included on our agenda.’