Denmark’s data protection authority, Datatilsynet, is recommending a financial penalty against the Central Jutland region for failing to ensure a sufficiently high level of security in storing patient records at the regional hospital in Horsens.
The region fell foul of privacy laws because the covers of some of the 100,000 physical patient records could be seen by passers-by through a building’s clear, unfrosted window. The visible information included the patient’s name and social security number.
Though it accepted access was unintentional, Datatilsynet found that Central Jutland region had not established appropriate safeguards for storage of the personal data.
“That all employees and patients who were at the hospital have had access to an archive of approximately 100,000 patient records is a serious mistake which should have been discovered earlier,” head of data information Frederik Viksoe Siegumfeldt said.
Datatilsynet is recommending a fine of DKK400,000 ($63,500, €53,800).