Federal Data Protection Commissioner publishes fact sheet for white-hat hackers

Data protection and security breaches were reported to the Federal Data Protection Commissioner (FDPIC) by well-meaning hackers, commonly referred to as ethical hackers or “white hat hackers”. For example, after receiving a tip from a private individual, the FDPIC conducted a fact-finding investigation into an inadequately secured database of private COVID-19 test centres. After it became apparent that the responsible parties had initiated appropriate immediate measures once the deficiency became known, the FDPIC was able to prove that no third parties apart from the white hat hacker had accessed the data. The FDPIC therefore closed its investigation without making any recommendations. To ensure that all actors act efficiently and in accordance with data protection legislation in such cases, the FDPIC communicated that it has drawn up a fact sheet with practical suggestions on how to proceed in similar cases.

According to a first review by Martin Steiger, the fact sheet gives the impression that the FDPIC would not be unhappy if “ethical hackers” refrained from reporting to the authority. According to the author, while such reports can be seen as a sign of trust, one must ask whether the FDPIC is the right addressee.
