The Swiss data protection officer has opened an investigation into the Swisstransplant foundation after allegations of major security flaws in its online donor register. The foundation claims it is “absolutely safe”.This content was published on January 19, 2022 - 09:42
According to a news report by Swiss public television, SRF, on Monday based on private research, it is possible to register anyone in the National Organ Donation Register without their knowledge or consent.
The Federal Data Protection and Information Commissioner Adrian Lobsiger has reacted to the news and initiated an investigation on January 13, it said in a statementExternal link on Tuesday.
“From the Commissioner's point of view, it is obvious that the disclosure of the reported shortcomings is likely to undermine public confidence in the system governing organ donation in Switzerland,” it said.
The probe will examine breaches of Swiss data protection legislation and necessary security requirements. It will also examine questions about electronic identification procedures. The issue has been reported to the Federal Office of Public Health.
The online registerExternal link was launched three years agoExternal link as a practical alternative to the traditional donor card system. Around 130,000 Swiss donors have their details entered in the national organ donation register.
Swisstransplant said it takes the SRF claims “extremely seriously” and temporarily took the donor register offline. The register has been accessible again since Tuesday after the foundation and partners examined the allegations.
“No security gaps in the system could be identified,” said Swisstransplant on its websiteExternal link.
“At no time was it possible to view or edit personal data. Existing registry entries are absolutely safe,” it added.
A report by the private firm ZFT.COMPANY and research by SRF claimed it was possible to register anyone without their knowledge or consent. The IT expert at Swisstransplant also discovered that is was possible to read and download all files on the application server. According to Swisstransplant, this security gap has been closed.
In compliance with the JTI standards