13.12.2024 12:52
Elering has informed the Data Protection Inspectorate of the company’s possible violation in the transmission of technical data
The transmission system operator Elering has notified the Data Protection Inspectorate of the company’s possible violation in the transmission of technical data related to electricity metering points to six balance administrators. The possible violation occurred during the replacement of the nationwide electricity data exchange platform. The erroneously transmitted data did not include delicate information such as people’s names, personal identification codes or contact details.
After several years of development works, Elering replaced the legally required data exchange platform with the new Estfeed Datahub platform on 22 November. The platform aggregates data from all Estonian electricity metering points, data of network and supply contracts, and metering data. Users of the platform are electricity undertakings who can perform operations on the platform in accordance with the law and a contract entered into with Elering.
Following the replacement of the information system, it was determined that by automatic data transmission the system has made data of metering points accessible to six authenticated electricity undertakings responsible for the balance of the network operator, which data was not necessary for these undertakings at the time as detailed data for performance of business processes. The error was caused by a programming defect. Data were only visible to six balance administrators who had been operating in the market for a long time. Data have not become available to unknown persons and is not available on the internet or elsewhere in the public information space.
The erroneously sent data concerned technical information about metering points such as market participant codes (EIC codes). The erroneously sent data did not include people’s names, personal identification codes, contact details, or other delicate personal data.
Member of Elering’s management board Erkki Sapp said that such a data protection incident is regrettable. “We greatly appreciate the market participants who informed us about the incident as soon as they discovered the error. Although no direct harm was caused to anyone, the fact remains that Elering’s information system made data accessible that was not intended,” Sapp admitted. “Market participants who gained access are companies that have been operating in the market for a long time who, just like Elering, are responsible for complying with the European Union General Data Protection Act when processing personal data,” Sapp emphasised.
No actual or probable harm was reported to any person. Elering will correct the technical error as soon as possible, presumably within the next few days.