S 2.510 Notification and specification of retrieval procedures regarding the processing of personal data
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Specialists Responsible, IT Security Officer
Automated retrieval procedures are of particular importance with regard to data protection and data security because, depending on how such a connection is configured, the retrieving party can access the complete inventory or significant parts of the personal data held by the transferring party without an individual decision by the responsible body for each retrieval. For this reason, the relevant statutory regulations (e.g. § 10 BDSG) make technical and organisational data protection a mandatory part of the planning of retrieval procedures.
In the data protection laws, an automated retrieval procedure is defined as a stage of data processing in which personal data stored or obtained by means of data processing is disclosed to a third party in such a way that the data is made available for retrieval by that third party and the retrieval is actually carried out by the third party.
An example of an automated retrieval procedure is the electronic land register, which gives authorised users immediate online access to land register data from their workstation computers in accordance with the statutory provisions. This service is used in particular by notaries, lawyers, banks and insurance companies, but also by state and local authorities that require access to the land register in order to carry out their duties.
The responsibility for the admissibility of the individual retrieval lies with the recipient.
The specific admissibility requirements for implementing an automated retrieval procedure are set out in the relevant laws. So that compliance with these requirements can be verified, the essential details of the retrieval procedure must be specified in writing.
Note that some data protection laws require that the Federal or State Commissioner for Data Protection be notified when a retrieval procedure is implemented.
General aspects:
- The reason and purpose of the retrieval procedure, as well as the parties involved, must be defined.
- The retrieval authorisations must be defined and controlled.
- The types and amounts of data to be made available must be specified.
- The retention periods and deletion deadlines for the data must be defined.
- It must be defined in which cases the retrieving party must inform the storing party.
Safeguards against unauthorised retrieval:
- The retrieval of data by persons not authorised for retrieval must be prevented by suitable precautions:
  - After a defined number of failed attempts, the authorisation must be blocked.
  - Passwords must be changed at regular intervals. Wherever possible, users should be forced to change them by a corresponding program.
  - The retrieval of special categories of personal data must be protected at a higher level, i.e. by authentication based on both possession and knowledge.
- Program-controlled verification procedures should be used to check the log files.
- The nature and scope of logging must be specified.
- Either random spot checks or complete (gapless) logging must be carried out.
- It must be specified who performs the logging: the retrieving party, the storing party or both.
- Logging must be designed such that it can subsequently be determined whose retrieval authorisation was used to retrieve data.
- The reasons for retrieval must be documented.
- When data is retrieved, the connection and the terminal device used for the transmission should also be recorded.
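The logging and blocking requirements above lend themselves to the "program-controlled verification of the log files" the safeguard calls for. The following Python script is an added example and is not part of the catalogue text: it audits a constructed retrieval log for retrievals without an authorisation on record, retrievals of a special category without possession-and-knowledge authentication, retrievals made after the authorisation should have been blocked, and records that lack the reason or the terminal device. The log format (semicolon-separated fields), the event names, the authorisation table, the category names and the limit of three failed attempts are all assumptions made for this example.

```python
"""Audit of an automated-retrieval log (hypothetical example, assumed log format)."""
from collections import defaultdict
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3  # assumed policy value: block after the third failed attempt

# Assumed retrieval authorisations: user -> categories of data the user may retrieve.
AUTHORISATIONS = {
    "notary01": {"land_register"},
    "bank07": {"land_register", "encumbrances"},
    "clerk22": {"land_register", "health"},
}
# Assumed special category: may only be retrieved with possession-and-knowledge auth.
SPECIAL_CATEGORIES = {"health"}

# Constructed sample log. Fields: timestamp;user;event;category;reason;terminal
# Events: RETRIEVE (password only), RETRIEVE_MFA (possession + knowledge), LOGIN_FAIL
SAMPLE_LOG = """\
2024-03-01T08:00:00;notary01;RETRIEVE;land_register;case 4711;ws-12
2024-03-01T08:05:00;bank07;RETRIEVE;encumbrances;;ws-40
2024-03-01T08:06:00;clerk22;RETRIEVE;health;file 88;ws-03
2024-03-01T08:07:00;clerk22;RETRIEVE_MFA;health;file 89;ws-03
2024-03-01T08:10:00;guest;RETRIEVE;land_register;curious;ws-99
2024-03-01T08:11:00;bank07;LOGIN_FAIL;;;ws-40
2024-03-01T08:12:00;bank07;LOGIN_FAIL;;;ws-40
2024-03-01T08:13:00;bank07;LOGIN_FAIL;;;ws-40
2024-03-01T08:14:00;bank07;RETRIEVE;land_register;loan 15;ws-40
2024-03-01T08:20:00;notary01;RETRIEVE;land_register;case 4712;
"""


@dataclass
class Finding:
    line_no: int
    user: str
    problem: str


def parse_log(text):
    """Split the log into (line number, record dict); malformed lines yield None."""
    records = []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split(";")
        if len(fields) != 6:
            records.append((n, None))
            continue
        ts, user, event, category, reason, terminal = fields
        records.append((n, dict(ts=ts, user=user, event=event, category=category,
                                reason=reason, terminal=terminal)))
    return records


def audit(text, authorisations=AUTHORISATIONS, max_failed=MAX_FAILED_ATTEMPTS):
    """Return the list of findings for a retrieval log, in log order."""
    findings = []
    failed = defaultdict(int)   # failed login attempts per user
    blocked = set()             # users whose authorisation has been blocked
    for n, rec in parse_log(text):
        if rec is None:
            findings.append(Finding(n, "?", "malformed log line (retrieval not attributable)"))
            continue
        user, event = rec["user"], rec["event"]
        if event == "LOGIN_FAIL":
            failed[user] += 1
            if failed[user] == max_failed and user not in blocked:
                blocked.add(user)
                findings.append(Finding(n, user, f"authorisation blocked after {max_failed} failed attempts"))
            continue
        if event not in ("RETRIEVE", "RETRIEVE_MFA"):
            findings.append(Finding(n, user, f"unknown event {event!r}"))
            continue
        # A block is not lifted by a later successful retrieval: that retrieval is a finding.
        if user in blocked:
            findings.append(Finding(n, user, "retrieval while authorisation is blocked"))
        permitted = authorisations.get(user)
        if permitted is None:
            findings.append(Finding(n, user, "no retrieval authorisation on record"))
        elif rec["category"] not in permitted:
            findings.append(Finding(n, user, f"not authorised for category {rec['category']!r}"))
        if rec["category"] in SPECIAL_CATEGORIES and event != "RETRIEVE_MFA":
            findings.append(Finding(n, user, "special category retrieved without possession-and-knowledge authentication"))
        if not rec["reason"]:
            findings.append(Finding(n, user, "reason for retrieval not documented"))
        if not rec["terminal"]:
            findings.append(Finding(n, user, "connection/terminal device not recorded"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"line {f.line_no:2d} user {f.user:<9} {f.problem}")
```

Run stand-alone, the script reports six findings for the sample log: the missing reason on line 2, the health record retrieved with a password only on line 3, the user without any authorisation on line 5, the block triggered by the third failed attempt on line 8, the retrieval made while blocked on line 9 and the missing terminal on line 10. Whether such an audit is run by the storing party, the retrieving party or both is exactly the point the safeguard requires to be specified in writing; the script only works on whichever party's log it is given.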
Network connection:
For networked IT systems, it must be checked how the network connection of the end systems is realised. For dial-up connections, for example, it must be checked which security safeguards are in place; for virtual dedicated connections, whether closed user groups have been set up. In local networks, closed user groups should be set up so that each contains only a single, self-contained organisational unit.
Review questions:
- When implementing retrieval procedures, is it checked that all data protection requirements are complied with?