Thousands of personal details visible on parliament website
Names and addresses of at least 24,000 people who had signed petitions were visible on Luxembourg’s parliament website without their consent following an IT glitch, parliament said on Thursday.
The personal details were publicly visible on the Chamber website since at least June, parliament's Secretary General Laurent Scheeck said in a statement.
“This technical error meant that the names and places of residence of signatories were potentially accessible on the site without their agreement,” Scheeck said, adding that it was “not a malicious act”.
Parliament has reported the error to Luxembourg’s data protection watchdog, CNPD, and will continue to investigate exactly how much data was visible. The error was corrected on 2 August.
“It will take us a few weeks to get more precise knowledge [on the error],” Scheeck told the Luxembourg Times. “We think that there might be more data [that was made public] from before June but we are certain it is a very limited amount.”
People supporting a petition have the option to leave names and address after singing it but despite some choosing not to disclose this, their data was still made public.
“The Chamber of Deputies would like to thank the user who reported the problem and apologise to anyone whose personal information may have been exposed in error,” the statement from Scheeck said.
Luxembourg's data privacy regulator - the CNPD, which claimed world fame last week when it slapped a record fine on US retail giant Amazon - saw an 8% increase in reported data leaks in 2020, rising to 378 over the year.
New regulation has led to a steady rise of reported breaches, meaning organisations are being more transparent when a problem with data occurs.
“We decided it was best not to hide this and to be open and transparent,” Scheeck added.
In one incident, the Ketterthill medical laboratories said in July that a leak at French laboratory CERBA had compromised patient data Ketterthil had provided to it between January 2017 and July this year. France’s data protection body, the CNIL, are dealing with the matter, Ketterthill said.