Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
DANISH SUPERVISORY AUTHORITY: New decisions, lack of standard test.

DANISH SUPERVISORY AUTHORITY: New decisions, lack of standard test.

In three new decisions, the Danish Data Protection Authority assesses the control has led to the transmission of many information or that has been possible to have access to information of many citizens.

The Danish Data Protection Authority has taken a decision under three cases of security breach of personal data. Common to the cases is that, due to the lack of basic controls, too much information was passed on to the recipients or access was given to information concerning too many citizens.

In two of the cases, it is about information related to the occupation responsible for 1.5 million citizens till 4.2 million citizens. Here, the Danish Data Protection Authority has declared responsibility for serious criticism to societies which were responsible for the personal data process for municipalities.

In this last case, it is about a no intentional disclosure of name, address and social security number when a person has fulfilled a digital request of a municipality for an extra charge or a single performance against another citizen.

This last accident is an example of a case in which the municipality responsible for the data process has not carried out the greatest based control of which information has been disclosed when an IT system has been put into operation. In the same way, in these cases, the data processors did not do the based controls on informations shared after that the system has been modified because of an update.

It is in the opinion of the Data Inspectorate that IT systems must be regularry controlled,therefore it is ensured that the system does not transmit more information than necessary to the appropriate recipients it is ensured that the system does not transmit information to the wrong recipients it is ensured that access control on the system works properly, including that users have access to exactly the information they should have access to;

It is particularly important that these controls are carried out before the system is put into operation for the first time and after a change has been made to the system, for example in connection with an update.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA DANIMARCA

Team Privacy & Data Protection
30 October 2020

Recommended to you

Apple: 0-day detected in WebKit rendering engine (AL02/250312/CSIRT-ITA)

12 March, 2025

Adobe: Security Updates (AL03/250312/CSIRT-ITA

12 March, 2025

Joomla! Updates (AL04/250312/CSIRT-ITA)

12 March, 2025

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

12 March, 2025

Zoom Vulnerability (AL05/250312/CSIRT-ITA)

12 March, 2025

Laravel: Public PoC for CVE-2024-13919 Exploitation (AL06/250312/CSIRT-ITA)

12 March, 2025

Resolved vulnerabilities in Cisco products (AL07/250312/CSIRT-ITA)

12 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

12 March, 2025

Schneider Electric: Vulnerabilities discovered in various products (AL03/250311/CSIRT-ITA)

11 March, 2025

Siemens Product Updates (AL04/250311/CSIRT-ITA)

11 March, 2025

Ivanti March Security Update (AL05/250311/CSIRT-ITA)

11 March, 2025

Fixed vulnerabilities in Google Chrome (AL06/250311/CSIRT-ITA)

11 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

11 March, 2025

Vulnerabilities discovered in Fortinet products (AL07/250311/CSIRT-ITA)

11 March, 2025

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

11 March, 2025

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

11 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

10 March, 2025

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute

10 March, 2025

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

10 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Information obligation for automated decision-making

7 March, 2025

Advanced Research