The Norwegian Data Protection Authority has decided to give a sanction of 200.000 NOK to the Municipality of Indre Østfold for a confidentiality breach. The personal information which should have been protected, were made available to unauthorized people.
The Municipality of Indre Østfold, ex Municipality of Askim, has published a student file of an ex student on the website of the Municipality. The student file included personal information subjected to a legal obligation.
I have received tips by local journals.
The starting point of the accident was that the student needed the file in a study context, and so has requested the Municipality to send it.
The municipality routine provides for the registration of the access requests. This means that also the document for which is was asked to the access has been scanned and made available for the access.
The student file was available from Friday 27th September till Monday 30th September on the Municipality website.
The Municipality has been informed by a journalist of the local journal Smaalenenes Avis. Documents have been removed from the mailing list and exempted after being discovered. The person affected has been informed.
The infringement tax does not change.
After the Data Inspectorate has sent a notification of an infringement tax, we have received a feedback by the Municipality.
They regret that “sensitive personal information” have been published on the mailing list. The Municipality has asked the Data Inspectorate to assess the amount of the sanction in the light of the implemented measures.
A sanction for a breach must reflect the seriousness of the crime. By the Norwegian legislation results that the Municipality shall implement the necessary measures in order to prevent future crimes. The Norwegian Authority reaches the conclusion that the next measures in order to rectify the accidents, according to the seriousness of the breach, do not have a significant effect on the total entity of the breaching tax.
We decided to end that the amount of the infraction will not be changed.
endelig-vedtak-til-indre-ostfold-kommune