Østfold HF Hospital
€112,000
Insufficient technical and organisational measures to ensure information security
決定日
2020年6月22日
権威
Norwegian Supervisory Authority (Datatilsynet)
NO
セクター
Health Care
国名
NO
法律
GDPRステータス
FINAL説明
It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.
法的引用
Art. 32
問題と違反
Insufficient technical and organisational measures to ensure information security