Oslo Municipal Education Department

€120,000

Insufficient technical and organisational measures to ensure information security

Decision Date

29 de abril de 2019

Authority

Norwegian Supervisory Authority (Datatilsynet)

NO

Sector

Public Sector and Education

Country

NO

Law

GDPR

Status

FINAL

Description

Fine for security vulnerabilities in a mobile messaging app developed for use in an Oslo school. The app allows parents and students to send messages to school staff. Due to insufficient technical and organizational measures to protect information security, unauthorized persons were able to log in as authorized users and gain access to personal data about students, legal representatives and employees. The fine has meanwhile been reduced to EUR 120.000, see link

Legal Citations

Art. 32

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Polish National Personal Data Protection Office (U...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.