A list of Romani scholarship recipients including sensitive personal data showed up recently on the Czech Education Ministry’s website. The ministry removed the list after Czech Television reported on the case earlier this week. Czech Education Minister Josef Dobeš (Public Affairs – VV) has filed criminal charges against an unidentified perpetrator over the information leak.
Czech Television reported that the list included the names and exact addresses of a total of 895 Romani pupils whose high school studies have been financially supported by the ministry. The incident means the ministry may have violated the law on the protection of personal data.
“What happened is an unforgivable mistake by a ministry bureaucrat. If the suspicions are confirmed that a specific staffer published the data, I will change the criminal charges against an unidentified perpetrator to charges against the person responsible,” Dobeš said in a press release.
Read more on romea.cz.
If I did the conversion right (which I often don’t, despite helpful web tools), the fine could amount to $536,000.00. If memory serves, that’s more than what the U.K.’s ICO has fined entities for breaches. Some settlements or fines in U.S. cases have exceeded that amount, however.
h/t, @daraghobrien.