News
NOS investigation: why BSN numbers still end up online (and what municipalities can do now)
NOS and Nieuwsuur found hundreds of municipal documents with leaked personal data, including 255 with BSN numbers. Practical steps for WOO teams before publication.
What the NOS investigation shows
In July 2026, NOS and Nieuwsuur reported that Dutch municipalities still accidentally publish residents' personal data online, including email addresses, phone numbers, addresses, ID numbers, and national ID numbers (BSN).
Researchers found BSN numbers in 255 documents. In one file from the municipality of Pijnacker-Nootdorp, 43 BSN numbers were visible alongside names, addresses, and contact details from residents commenting on a building project.
Most documents with BSN were published in 2016 and 2017. Since stricter privacy rules in 2018, it still happened 99 times. The Dutch Data Protection Authority (AP) received more than 120 notifications from municipalities last year about accidental publication.
Publication platforms do not check content
Under the Dutch Open Government Act (WOO), municipalities must publish many documents. Personal data must be redacted first. The leak often happens in the gap between redaction and upload.
NOS reported that council information systems such as Notubiz do not automatically check uploaded files for sensitive data. The supplier provides the application; the authority remains responsible for what is published.
Redaction software alone is not enough if there is no mandatory pre-publication validation step before documents go online.
Three failure patterns in the redaction chain
1) Visual masking instead of real redaction. Black boxes in a PDF do not always remove the underlying text. Copy-paste or search can still expose BSN numbers.
2) Missed identifiers in tables and scans. BSN in spreadsheets, comment lists, or OCR layers is easy to overlook with manual review alone.
3) No second check before publication. One reviewer approves the file; nobody scans the export again before upload to the transparency portal.
What the regulator expects
The AP states there is usually no reason to publish BSN numbers. Unintended disclosure is a data breach and may require notification.
Repeated incidents are not explained away as "human error". Authorities need demonstrable process controls: who redacted what, on which legal ground, and who approved publication.
Notifications to the AP from municipalities have risen: from 75 in 2014 to more than 120 last year. The actual scale is likely larger.
Five steps before you publish
1) Run automated detection on BSN, email, phone, and address patterns in the final PDF.
2) Record a formal redaction decision with audit trail (see our article on redaction decisions under FOI).
3) Separate roles: the person who redacts should not be the only person who publishes.
4) Sample legacy documents from 2016–2018; NOS found a large cluster from that period.
5) Involve the DPO when incidents repeat; align WOO deadlines with privacy risk.
Use Anonify as a pre-publication step: AI flags identifiers, your team validates each proposal, and you export a redacted PDF with full audit trail before upload to your council system.
Where Anonify fits in your WOO process
Anonify is built for Dutch WOO and GDPR workflows: intake, AI detection, human review, redaction decision, and export.
BSN detection works across text and tables, including common municipal formats. Reviewers keep formal mandate; the system supports detection and audit trails, not replacement of legal judgment.
Test the workflow on your own PDF via the free demo. For high-volume teams we also offer managed redaction and enterprise rollout.
WOO practice in your inbox
Practical tips on FOI requests, redaction, and compliance. Monthly, no spam.