Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
NORWEGIAN SUPERVISORY AUTHORITY: sanction to the Asker Municipality

NORWEGIAN SUPERVISORY AUTHORITY: sanction to the Asker Municipality

The Norwegian Data Protection Authority has sanctioned the Municipal of Asker with a fine of 1 million NOK. The amount is given after than the municipality has published private personal information, like date of birth and social security numbers on its website.

The mismatch refer to the breach of confidentiality principles of the General Data Protection Regulation and includes routine and technical breakdown.

Personal information should be protected were made available to unauthorized persons on the website of the municipality.

Background of the case

On the 19th of May 2020, a private person notified to the municipality that the titles of the mailing lists documents of the municipality included 127 names and social security numbers of a total amount of 170 voices. Information available were the title of the document, as well as the name and the social security number.

Many cases were referred to children. In some cases, this mean that were published also sensitive personal information, for example concerning the PPT decisions, special learning or household benefits. The same document is not anymore available. The titles of the documents of the cases mentioned were immediately removed from the website of the municipality.

It loses control of who’s seen what

Personal information covered by the breach were the name, social security number and title of the document. The information has been available on the municipality’s website for a year. There is no record of who is present and sees or downloads personal information from the mailing list of the municipality.

The security breach of personal data has led people to lose control of the information about themselves and others may have seen the information about them.

The city issued a press release on the case and accepts the fee. However, they point out that the Data Inspectorate’s decision letter contains factual errors (including the number of years on the website) and that the municipality had implemented a number of measures that had not been mentioned. The Data Inspectorate takes note of this and apologizes, but the amount of the tariff is maintained.

The authority thinks it was good that the municipality acted and implemented measures.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA NORVEGIA

Recommended to you

Advanced Research