/s3/static.nrc.nl/wp-content/uploads/2018/10/web-3010binpersoonsgegevensjpg21514025.jpg)
[ad_1]
UWV has another year to secure one of its Internet portals. Otherwise, the Dutch data protection authority (PA) imposes a penalty of 150,000 euros per month. The regulator decided Tuesday
If the security of the employer portal was not secured on October 31, 2019, the payment of the monthly fine takes effect. On the portal, confidential information relating to absenteeism of employees is processed, among other things, but they are only protected by a password. This is not enough, according to the Authority. Therefore, the UWV must enter a multi-step authentication.
According to the regulator, the explanation of the decision can go up to 900,000 euros.
UWV is already considering joining eHerkenning, a standardized system that allows entrepreneurs to connect securely to various government agencies. The on-call must ensure that this is completed on time. The UWV says that the system is already being used in phases and that the institute is "convinced" that security is in order before the term expires.
/s3/static.nrc.nl/bvhw/files/2018/04/data30533479-d944ef.png)
See also: European Data Rules Many companies are not ready. for a new law on the protection of privacy
Authentication at a postman
In November, the AP reported security problems on the UWV employer portal. According to the regulator, the UWV violates privacy legislation by protecting this sensitive data via single factor authentication (login only with password).
"This is health data from a very large number of people, all of whom must be able to rely on UWV to carefully manage their data," said Aleid Wolfsen. President of the AP.
In multi-step authentication, users log in by combining a password with, for example, a code sent via SMS to the user's phone. The malicious people can not therefore easily access sensitive data. In addition to the password, the phone of the user must also be captured.
Source link
