DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Norwegian DPA issues fine to Municipality of Indre Østfold

Posted on February 18, 2021 by Dissent

As seen on the European Data Protection Board (EDPB):

The Norwegian Data Protection Authority has fined the Municipality of Indre Østfold EUR 20 000 (NOK 200,000) for a confidentiality violation. Personal data that should have been restricted was available to unauthorized persons.

The Municipality of Indre Østfold, formerly the Municipality of Askim, published the records file of a former pupil on its municipal website. This file included confidential personal data.

Tipped off by a local newspaper

The background for this incident was that the pupil needed his record file in connection with his further studies, and asked the municipality to send it to them. The municipality routinely enters such Access to Information requests in the public record. This process also entails the document to which access has been requested, being scanned and made available for public access.

The pupil’s file was available on the municipality’s website from Friday 27 September to Monday 30 September. The municipality was made aware of the incident by a journalist from the local newspaper Smaalenenes Avis. The documents were removed from the public record and exempted from public access as soon as they were discovered. The affected person was then notified.

Fine not adjusted

The municipality responded to the Data Protection Authority’s notice of fine. In its response, the municipality apologized for “sensitive personal data” having been included in the public record. At the same time, the municipality urged the Data Protection Authority to reconsider the size of the fine, considering the measures implemented after the fact.

A fine should reflect the severity of the violation. Norwegian law requires the municipality to implement any measures necessary to prevent future violations. The Data Protection Authority has found that, given the severity of the violation, the measures later implemented to remedy the incident do not significantly affect the amount of the fine imposed.

The Norwegian Data Protection Authority have therefore decided not to reduce the fine.

For further information, please contact the Norwegian DPA: [email protected]

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA’s website or other channels of communication, the news item is only available in English or in the Member State’s official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.
Category: Commentaries and AnalysesExposureGovernment SectorNon-U.S.

Post navigation

← Hacker attack on Hellenic Defense Systems (Ελληνικά Αμυντικά Συστήματα (EAS) – Threat actor(s) demand ransom in cryptocurrencies
Dutch Police post “say no to cybercrime” warnings on hacker forums →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.