The communication platform Aula has, by all accounts, a significant security vulnerability.
Private messages that were archived in the former Skoleintra and transferred to the new Aula are now available to all other employees if they have been assigned the role of 'Skoleintra archive administrator' in Aula. So writes Politiken Skoleliv.
The messages can, for example, be minutes from MUS (employee development) conversations or evidence in a civil service case, and this applies to primary schools in all of the 88 municipalities that are so far using Aula.
As an administrator in Aula, you can also, intentionally or unintentionally, assign other employees the right to read the archived messages from Skoleintra with a single click. These can also include archived personal files from Skoleintra's private directory.
It has just been discovered by Christian Jermiin Nielsen, who is a teacher and Aula administrator at Char School in the Municipality of Vejen.
"I thought it was a mistake when I found out about it. Suddenly I could read my colleagues' private messages and also assign others the right," he says, and calls it a "security vulnerability".
"It may well be that I, legally speaking, am a trusted employee, but purely ethically, the individual employee has not been informed that I, or others, e.g. managers, can go in and read their archived data from Skoleintra. Aula ought to be a secure system, and so it relies on confidence on this point. It is of course absolutely grotesque," says Christian Jermiin Nielsen to Politiken Skoleliv.
After more than four years of attempts, Aula went live a month ago. It is the municipalities' largest IT project, and prior to the launch it was reported that it was developed with particular regard to ease of use and data security.
The final guidance on how schools were to move data from Skoleintra to Aula was sent out on 7 October, just a week before the transfer was to be carried out, and the hectic start-up testifies to the eagerness to push the "unfinished" IT project through, Christian Jermiin Nielsen believes.
"No one has known that they should be sounding the alarm, for they have not had the time to get into the new security procedures. There are so many flaws and discrepancies, which together make that Aula is safe," he says.
It is the municipalities' IT community, Kombit, that is behind Aula. Associate professor of personal data law Ayo Næsborg-Andersen considers that Kombit has not ensured that the confidentiality of the new system was sufficient when the data was transferred from Skoleintra, and that this is contrary to the General Data Protection Regulation, GDPR.
"There has been due diligence in relation to the level of safety. If something is qualified as confidential, you must specifically assess whether it is no longer to be so. However, here you have lowered a level of security without assessing the concrete case, and it is in conflict with the principles of the GDPR," says Ayo Næsborg-Andersen, from the University of Southern Denmark.
At Kombit, press officer Henrik Kirkeskov says that the intention was that the transfer of data, also called migration, should apply to documentation about children, so that it would not risk being lost in connection with the closure of Skoleintra.
"It is of course unfortunate if personal messages have been migrated from Skoleintra over to Aula," says Henrik Kirkeskov in a written response.
He stresses that the employees themselves have been able to choose which of their messages they wanted to transfer from Skoleintra to Aula.
When asked whether the employees have done so blindly, Henrik Kirkeskov replies that the instructions for the transfer of data mentioned that the administrator would be able to assign others the right to access their data.
Following Politiken Skoleliv's enquiries, Kombit will now inform municipalities about how employees are to handle rights in Aula. Moreover, Kombit encourages the municipalities to establish routines for spot checks, so that it is checked whether someone has wrongfully looked at the data.