European Union (EU) inspectors have identified some serious weaknesses in the security of personal data contained in Portugal’s Schengen Information System (SIS), placing the bureau in a most unfavorable position. The EU inspection team discovered vulnerabilities regarding how SIS secures its personal data database during their routine inspection. SIS is Portugal’s national police database for security control. This database holds a vast amount of information regarding arrest warrants, persons under police surveillance, reports of missing people, stolen or lost property and people banned from entering the Schengen area.
The authorities from PJ, SEF, GNR, and PSP groups have access to the database. The EU Delegation that investigated the SIS system had already recommended for the Portugal government to upgrade its facilities. However, with the revelation of the security vulnerabilities of SIS, the EU has given the Portugal government only three months to remedy the situation.
As addressed to the Portuguese state, EU delegates ordered the National Commission for Protection of Data (CNPD) to augment security through retraining of human resources. This requires more funding and manpower support for better security arrangements in managing the SIS system. This arrangement requires Portugal to give CNPD, the agency responsible for the security of the SIS database more “fiscal autonomy.” Access controls need to be logged and restricted based on the requirement of the police officer that uses SIS data.