The Norwegian Data Protection Authority has approved a tax of 500.000 NOK breaches for the Raelingen Municipality. The fee comes after health information about children in the adapted ward was processed on the Showbie digital learning platform.
“The case started with us receiving an anomaly notice from the municipality, and in further statements it turned out that the application was not assessed with a level of security that was adapted to the risk,” says Bjørn Erik Thon, director of the Norwegian Data Protection Authority. -This is of course serious as it concerns both children and health information, which is underlined by the size of the fee.
Multiple violations
The offence includes 15 pupils in an adapted department with children with physical and mental disabilities. The Showbie application has been used here to communicate health-related personal information between school and home.
In advance, no necessary risk assessments, privacy impact assessments and testing have been carried out before the application was adopted. Inadequate security when logging into the application has, among other things, made it possible to access other students in the group.