Cianan Brennan reports:
Dublin’s Education and Training Board (CDETB) has been fined €125,000 by the Data Protection Commission after the personal details of 13,000 grant applicants were made available to “unauthorised persons”.
The commission concluded after a six-year investigation that the ETB had breached GDPR in multiple ways by both failing to ensure sufficient security for the personal data on its website and by then neglecting to inform the commission of the issue in due course when it was first discovered.
The fine of €125,000 is the second largest levied by the commission on an Irish State body.
That penalty stands second only to the €550,000 fine handed to the department of social protection earlier this month for the use of biometric data on its public services card.
Read more at the Irish Examiner.