Asker Municipality

€100,000

Insufficient technical and organisational measures to ensure information security

Decision Date

March 15, 2021

Authority

Norwegian Supervisory Authority (Datatilsynet)

NO

Sector

Public Sector and Education

Country

NO

Law

GDPR

Status

FINAL

Description

The Norwegian DPA (Datatilsynet) has fined the municipality of Asker EUR 100,000. On May 20, 2020, the DPA received a notice that the municipality had unlawfully published personal data on its website. On the website, users could view the names of documents that had previously been sent via the municipality's email distribution list. In addition to the names of the actual document, they also contained the names and dates of birth of 127 people, including children. Although the distribution lists were proofread daily by two people, the municipality had failed to detect the discrepancies. The Norwegian DPA concludes that the data breach occurred partly due to a lack of required routines for handling email lists.

Legal Citations

Art. 5Art. 6Art. 32 (1)Art. 24

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - Air Eur...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.