The custom staff used an app on their devices that has downloaded personal data from a cloud service. In this way, the information has been shared out of the workplace.
The Swedish DPA is investigating.
The Crime Data Act has the duty for the law enforcement authorities to report personal data accidents to the Sweden DPA. This incident occurred if information about one or more registered persons was destroyed, otherwise lost or was in the wrong hands.
The Sweden DPA received a report on a personal data accident by custom administration. The custom staff used an app on their smartphones which has transferred personal data to a cloud service. This information has been shared out of the company.
– This is the reason why we are investigating from the custom administration in order to find out what really happens and in which way the customs use smartphones in their enforcement operations – said Max Blidberg, the head of the investigation of the DPA.
The DPA will ask questions on which internal regulations, textbooks or other control documents regulate the way in which the custom staff can use smartphones and which kind of measures have been taken in order not to repeat this mistake.
Crime Data Protection Act
Personal Data in law enforcement are ruled by specific legislation.
The General Data Protection Regulation does not apply to all the society sector. Some Authorities have the role to fight against the crime and for the process of this personal data there is a special law, crime law. In addition, there will be special law for different kind of law enforcement, like today. The Crime Data Act entered in force the 1 of August 2018 and new special legislation for different authorities will probably enter in force only the next year.