T 2.164 Breach of the principle of necessity regarding the processing of personal data
Personal data must only be processed if this is required in order to perform the legitimate assignments of the competent data processing centre.
In the interest of the person concerned, the processing approach that has the least adverse effect on his/her personal rights must be selected (proportionality).
The principle of necessity is violated if compilers are granted access rights to entire databases even though they do not need such extensive access in order to fulfil their tasks.
The extensive access rights of system and network administrators are also a very critical aspect. Commonly used operating systems, particularly PC and network operating systems, still allow for all-encompassing access authorisations that permit reading, writing, manipulating, or even deleting any file, in particular the log files that are actually intended for controlling and auditing data processing in accordance with the data protection laws. In this way, possible traces can be eliminated unobtrusively.
A poor separation of roles between system technology, programming, application, and control, as well as poorly partitioned programs and databases, may also make it easier to breach the principle of necessity.
Examples:
- An insurance clerk is only responsible for policy holders whose names start with the letters A to G, but has access to the data of all policy holders.
- Access rights are passed on upwards according to the hierarchy of the data processing centre so that the head of the centre can ultimately read and change all data by virtue of his/her office.