Did DUO consider the security and privacy of the survey that led to the data breach affecting 60,000 debt holders?
Our colleague Roos Dijkxhoorn spoke to BNR Nieuwsradio about this data breach: how did it happen and how can it be prevented in the future?
In this situation, there is shared responsibility. Survalyzer is responsible for the security of the software, while DUO is responsible for correctly assessing the information security risks. The data breach could have been prevented if the vulnerability had been discovered earlier by a pen test, but also if the data had not been shared.
Questions you can ask in this situation are:
- Was the sensitivity of the information considered?
- How and why was the decision made to use a third party to send out surveys?
This shared responsibility involves multiple parties, but also multiple disciplines: privacy and security. The solution starts with considering the risks of a particular processing operation. What could happen if this information becomes available to unauthorised parties? Is that risk acceptable?
Next, you look at the security requirements: how does the supplier deal with the risks and do they have their security in order? Even if everything looks fine on paper, mistakes can still be made. That is why it is wise to conduct additional technical research, such as a penetration test. A penetration test reveals these kinds of vulnerabilities and allows them to be resolved before, in this case, the survey is sent out.
Are you interested in reading the entire article or watching the broadcast? Read the entire article here.