Personal data breach at OmaStadi.hel.fi – corrective measures have been taken
Helsinki residents can use OmaStadi to submit ideas and vote on how the city will use EUR 8.8 million. OmaStadi is based on an electronic platform providing a social inclusion service. The displayed user profile information has included the name and user name, and users have also been able to add a personal picture, link or other additional information to their profile information. The displayed profile information also included the person’s ideas, proposals and comments as well as their “followers” and “follows”. The profile has not included matters related to voting. The user has had the opinion to delete their user account. The profiles have shown up in search results of search engines and searches by the OmaStadi website’s search function, for example.
All user profiles have been removed from the OmaStadi website after the need for correction was detected. The information may still appear in search engine listings, but the links will not open the data. The information will disappear from search engines after some time. OmaStadi service’s search functionality is disabled.
Login to the OmaStadi website is currently disabled until the login and authentication deficiencies in the service have been corrected.
The site will be renewed – user profiles will be hidden
We will improve the site so that the user profiles will, as a rule, be hidden in voting situations, and the users will have the option to make their profile public by giving their consent. When a city resident makes a proposal or comments on proposals in the service, the profile is, as a rule, public. Still, the resident can hide it if they wish.
Johanna Sinkkonen, Team Manager, email@example.com puh. +358 40 183 4931 and
Kirsi Verkka, Development Manager, firstname.lastname@example.org tel. +358 40 336 2281.
Explore the topic
Instructions of the Data Protection Ombudsman’s office if you have been affected by a personal data breach
Loading comments ...