City of Stockholm

€394,000

Insufficient technical and organisational measures to ensure information security

Date de décision

24 novembre 2020

Autorité

Data Protection Authority of Sweden (Integritetsskyddsmyndigheten)

SE

Secteur

Public Sector and Education

Pays

SE

Droit

GDPR

Statut

FINAL

Description

The Swedish DPA imposed a fine on the City of Stockholm for data breaches on a school education platform. The platform consists of different subsystems, including a system for monitoring school attendance, a student administration system, an interface for parents and an administration interface for teachers. In one of the subsystems, a lack of ability to restrict user access to the data has allowed a significant number of staff to access information about students using a protected identity. In another sub-system, parents could access information about other students, such as grades relatively easily. Via Google's search engine, it was possible to find links to enter an administrative interface where information about teachers with a protected identity was accessible.

Citations légales

Art. 5Art. 32

Questions et violations

Insufficient technical and organisational measures to ensure information security
Voir le document officiel
Retour à la base de données des amendes
Précédent Amende
Romanian National Supervisory Authority for Person...
Prochaine amende
Data Protection Authority of Hamburg (HmbBfDI) - C...

Restez informé sur l'application de la législation en matière de protection de la vie privée

Nous respectons votre vie privée. Un courriel par mois, pas de spam, désabonnement à tout moment.