Risk Description

Datatilsynet may consider that the DOMS poses a threat to the privacy of ordinary people, because putting multiple sources of sensitive data regarding living people and/or their relatives into the DOMS will enable users to perform data correlation, which is illegal under Danish law. The integrated search capabilities make this a particular concern.

The definition of sensitive data is a bit vague, and therefore there is a risk that we unintentionally get sensitive data into the DOMS. If that happens, we risk that "Datatilsynet" may declare the DOMS illegal or demand that we establish restrictive access control, which would render the DOMS unusable from our point of view.

Currently we fear that some material may be considered sensitive merely by being digitised and stored in the DOMS. For example, digitising some printed works, such as books of genealogy, and storing these in the DOMS may enable users to retrieve the entire résumé of a person and this person's family.

When to react?

Reaction

For a start we will accept this risk as it will not become imminent until we begin storing material in the DOMS. However, when we get to that point, we should try to keep the DOMS free from sensitive data to avoid problems with "Datatilsynet".

If it turns out to be necessary to store sensitive data in the DOMS, then this should be done in a separate project, which is mainly of a legal nature and not so much technical. Thus, the risk will be delegated to that project.

Should we get complaints about sensitive material unintentionally stored in the DOMS, then we have a couple of means to quickly eliminate the risk by blocking access to the material in question. Blocking access for both users and the indexing service of the search engine will make the material totally unavailable to anybody.

Responsible Persons

The below persons are responsible for continuously monitoring and acting on this risk:

RiskSensitiveData (last edited 2010-03-17 13:09:23 by localhost)