Asker Municipality

€100,000

Insufficient technical and organisational measures to ensure information security

Datum för beslut

15 mars 2021

Myndighet

Norwegian Supervisory Authority (Datatilsynet)

NO

Sektor

Public Sector and Education

Land

NO

Lag

GDPR

Status

FINAL

Beskrivning

The Norwegian DPA (Datatilsynet) has fined the municipality of Asker EUR 100,000. On May 20, 2020, the DPA received a notice that the municipality had unlawfully published personal data on its website. On the website, users could view the names of documents that had previously been sent via the municipality's email distribution list. In addition to the names of the actual document, they also contained the names and dates of birth of 127 people, including children. Although the distribution lists were proofread daily by two people, the municipality had failed to detect the discrepancies. The Norwegian DPA concludes that the data breach occurred partly due to a lack of required routines for handling email lists.

Rättsliga hänvisningar

Art. 5Art. 6Art. 32 (1)Art. 24

Frågor och överträdelser

Insufficient technical and organisational measures to ensure information security
Visa officiellt dokument
Tillbaka till databasen för böter
Föregående Fine
Spanish Data Protection Authority (aepd) - Air Eur...
Nästa Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Håll dig uppdaterad om efterlevnaden av sekretessreglerna

Vi respekterar din integritet. Ett e-postmeddelande per månad, ingen skräppost, avsluta prenumerationen när som helst.