
The Department of Internal State Audit of the EKR does not consider the disclosure of personal data to be a violation.

Submitted by Вера Александрова on

The Department of Internal State Audit for the East Kazakhstan Region found no violations in a public procurement process during which employees of a district school disclosed the personal information of staff.

As a reminder, we previously reported that the school entered into a public procurement contract for medical examination services for its staff, publishing in the "technical specification" section a list of all employees of the institution with their full personal data.

In addition to the school failing to include standard requirements for the medical examination in the document, the winner of the tender was a local entrepreneur specialising in activities related to catering.

The editorial board of FBRK had already contacted the Education Department of the East Kazakhstan Region to request an assessment of this unusual situation. The department conducted an internal investigation and confirmed the supplier's incompetence and the violations committed by the school.

The department also reported that disciplinary measures were taken against the school's headteacher and chief accountant. To implement financial response measures, a letter was sent to the Department of Internal State Audit for the East Kazakhstan Region.

For our part, we sent an official request to the department to find out what conclusion they would reach. However, the department found no violations of the law in the procurement procedure.

The department explained that the procurement could not be carried out through a competitive process because only one potential supplier submitted a bid. Consequently, a contract was concluded with them using "single-source procurement following an unsuccessful tender."

In other words, the school simply had no choice. Notably, the content of the document itself, uploaded to the "technical specification" section, drew no objections from the department at all.

As a reminder, when publishing a public procurement notice, this document should contain requirements for the supplier, specifying how many employees need to undergo a medical examination and with which doctors. 

However, in the notice in question, the customer simply attached a list of all state institution employees with their full personal data. 

In the department's view, the presence of a list of employees requiring medical examination was sufficient to consider this requirement met.

"According to subparagraph 1 of paragraph 1 of Article 38 of the Law 'On Public Procurement', the procurement organiser publishes information on the volume of services to be provided, which are the subject of the public procurement, indicating the sums allocated for the public procurement.

Considering that the subject of the procurement is periodic medical examination services for staff, indicating information about the number of persons relates to the description of the volume of services, which does not contradict the requirements of the law," the department assured.

It is worth noting that paragraph 1 of Article 38 of the same Law "On Public Procurement" also has other subparagraphs, according to which the customer is obliged to state in the requirements for the supplier a brief description of the services being procured, as well as the place and timescales for their delivery. The department, for some reason, remained silent about this.

In conclusion, the Department of Internal State Audit for the East Kazakhstan Region stated that it is not authorised to monitor the security of personal data, and therefore sees no grounds for taking response measures.

It should be noted that the contract was signed back in April, but the personal data of the school employees is, for some reason, still publicly accessible on the public procurement website. 

The editorial board of FBRK intends to ensure that the school administration removes the employees' personal information from public access. 

To date, the only punishment received by the school representatives is a reprimand issued to the headteacher and the chief accountant. 

So, it seems that in our country, one can openly distribute the personal data of Kazakh citizens, freely making it available, among others, to internet scammers, burglars, and other criminals, and still get away with it?