Østfold HF Hospital

€112,000

Insufficient technical and organisational measures to ensure information security

Datum odločitve

22. junij 2020

Organ

Norwegian Supervisory Authority (Datatilsynet)

NO

Sektor

Health Care

Država

NO

Zakon

GDPR

Status

FINAL

Opis

It was found that Østfold HF Hospital had stored patient data, including sensitive data such as the reason for hospitalisation, during the period 2013-2019 without controlling access to the folders where the data was stored. Datatilsynet therefore decided that the hospital had not taken sufficient technical and organisational measures to protect personal data and was therefore in breach of the GDPR and the Patient Records Act.

Pravne navedbe

Art. 32

Vprašanja in kršitve

Insufficient technical and organisational measures to ensure information security
Oglejte si uradni dokument
Nazaj v zbirko podatkov o globah
Prejšnja globa
Spanish Data Protection Authority (aepd) - Comunid...
Naslednja Drobna
Data Protection Authority of Hamburg (HmbBfDI) - C...

Spremljajte novice o uveljavljanju zasebnosti

Spoštujemo vašo zasebnost. Eno e-poštno sporočilo na mesec, brez neželene pošte, odjava kadar koli.