The city council in Oslo has been ordered to pay NOK400,000 ($48,000, €39,300) by the country’s DPA (Datatilsynet) for making publicly available an individual’s personal information.
“The data inspectorate finds it reprehensible that the publication on eInnsyn includes sensitive personal information, including health information and information about the privacy of the person concerned. The incident is serious,” Camilla Nervik, a section leader at the data protection authority said.
EInnsyn refers to a service in Norway that gives digital access to unpublished documents.
The document in question was sent by the council’s attorney to the finance department without being marked to be excluded from public access.
Therefore, it was not stored in an internal area or the archive system and was considered approved for publication, according to the DPA.
The document was publicly available for five hours before it was removed after the affected person contacted the municipality himself.
Make sure to register to PrivSec Global and hear thought-leaders discuss and debate global regulatory developments.
Must see sessions include:
Regulatory Developments: POPIA and the Principles of Enforcement Action - 10am on 22 June
America Focus: Caribbean Data Protection and Privacy Regulations - 4pm on 22 June
America Focus: LGPD: Compliance, Enforcement and the Impact of South American Privacy Laws - 6pm on 22 June
Middle East and North Africa Focus: Data Protection and Privacy Regulations Across the Region - 9am on 23 June