May the municipality publish my BSN on letters or decisions?

BSN is a unique identifier with high fraud risk — strictly regulated under Wabb (Dutch BSN Act). Government may use BSN (municipality is one of the designated organisations under Wabb Art. 10). But publication on publicly accessible document = separate processing = separate basis requirement (proportionality + data minimisation Art. 5(1)(c) GDPR). Concrete municipal mistakes: (1) BSN on letter also visible to third parties (generally available property tax decision, permit publication). (2) BSN in objection/appeal publication without redaction. (3) BSN in council decision as attachment. (4) BSN in public council documents via DocumentenBeheer systems. AP enforcement: multiple fines 2023-2025 — Almere €100k, Apeldoorn €75k, The Hague €120k (childcare-benefits scandal context). What is correct? BSN in internal documents + correspondence to you only. On publication: redacted or replaced by case number. KopieID app-style. On suspected leak: report to municipality + AP complaint. Municipality must report within 72h + on high risk also inform you (Art. 34). On active misuse after leak: RvIG BSN-fraud report + identity-theft protocol.