Dutch DPA fine insurance agency for poor data security

2021-07-09T14:09:00+01:00

No comments

The Netherlands’ data protection authority (Autoriteit Persoonsgegevens – AP) has ordered the Employee Insurance Agency (UWV) to pay €450,000 ($533,000) for not properly securing the sending of group messages via its My Work Folder system.

The platform is used by job seekers to contact the agency, an independent administrative authority commissioned by the ministry of social affairs and employment.

There were nine data breaches between August 2016 and the end of 2018 involving personal data, such as health, identity number, address and level of education, of more than 15,000 people.

AP board member Katja Mur said: “Some of this is special, personal data that must be handled with extra care. It is painful when this kind of data about yourself ends up in the wrong hands. Someone can run off with it, making you vulnerable to, for example, fraud.”

She also commented: “You must be able to expect from an organisation such as the UWV that your data is safe. If that is not the case, it will affect the public’s confidence in the government.”

At the time of the data breaches, 4.5m Dutch were registered with UWV, including job seekers, and ill and disabled people.

The AP’s investigation found the agency had insufficiently mapped out risks in processing job seekers’ personal data, should have better checked its own security and implemented technical measures earlier than the end of 2018.

The UWV has the right to appeal against the fine.

Missed PrivSec Global’s livestream experience?

No problem, simply CLICK HERE to access the sessions on demand.

Topics

No comments

News
Euro politicians question UK’s Data Protection Bill compatibility with GDPR

2024-02-28T09:25:00Z By GRC World Forums

Paul Tang, a Member of the European Parliament, has raised concerns about the UK’s new Data Protection and Digital Information Bill (DPDI) and its potential to undermine elements of the GDPR.
News
Italian city first to receive fine for AI privacy violations

2024-01-29T15:27:00Z By GRC World Forums

The data privacy regulator in Italy has imposed a €50,000 fine on Trento for violating laws regarding the northern city’s use of artificial intelligence (AI) in urban surveillance schemes.
Video
ChatGPT: the data privacy nightmare?

2023-12-19T06:06:00Z

Within two months of its release, it reached 100 million active users, making it the fastest-growing consumer application ever launched.

No comments yet

You're not signed in.

Only registered users can comment on this article.

More from GDPR

Feature
Five years of GDPR - what does the dawn of AI mean for data privacy regulations?

2023-05-25T14:43:00Z By GRC World Forums

May 25, 2018 saw the introduction of the EU’s General Data Protection Regulation (GDPR), a ground-breaking legal framework that set new standards on how organisations both within and beyond EU borders obtain, process and store personal data.
News
Meta faces GDPR penalty on top of order to halt data transfers

2023-05-03T15:02:00Z

Meta is getting ready for the cessation of its EU-U.S. data transfers, as well as a fine for violating the EU General Data Protection Regulation, according to filings made with the U.S. Securities and Exchange Commission.
News
Potential cost increase to access EU markets due to new UK data law

2023-04-24T09:38:00Z

Proposed data regulations in the UK, currently awaiting approval from Parliament, may fall short of Europe’s GDPR standards.