The Central Shelter for Asylum Seekers stored sensitive and identifiable information about victims of human trafficking in a spreadsheet file. Due to an error, the spreadsheet accidentally appeared online, reports NRC.
COA collected the information from hundreds of victims of human trafficking in and around asylum seekers’ centers and stored it in a spreadsheet. That document was accidentally posted online last week, NRC writes in collaboration with Argos. After the media warned about this, the document was taken offline, but shortly afterwards an even more extensive document appeared in the same place.
The spreadsheet included names, dates of birth, phone numbers, license plates, and ID numbers. These were linked to detailed information on incidents involving asylum seekers, including police reports of victims.
It is not clear exactly how many people were affected. The document described 1,200 incidents. According to NRC, this included ‘hundreds’ of identifiable information.
The document was put online after NRC and Argos requested information about human trafficking through the Government Information (Public Access) Act. Information released through the Wob is also posted online. Identifiable information should be removed, but this was not done for an unclear reason.
COA has now taken the document offline. The body starts an investigation into how often the document was downloaded and how the incident could have happened. A report has also been made to the Dutch Data Protection Authority, which is mandatory for such a data breach.