Norway Norway

Asker Municipality

100,000 €

GDPR enforcement action by Norwegian Supervisory Authority (Datatilsynet) on 2021-03-15.

Rank · Sector
#42
of 357 in Public Sector and Education
Rank · Norway
#15
of 53
Rank · All fines
#468
of 3,050

Case details

Authority
Norwegian Supervisory Authority (Datatilsynet)
Date
2021-03-15
Controller / Processor
Asker Municipality
Sector
Public Sector and Education
Quoted Articles
Art. 5 GDPR, Art. 6 GDPR, Art. 32 (1) b) GDPR, Art. 24 GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Norwegian DPA (Datatilsynet) has fined the municipality of Asker EUR 100,000. On May 20, 2020, the DPA received a notice that the municipality had unlawfully published personal data on its website. On the website, users could view the names of documents that had previously been sent via the municipality's email distribution list. In addition to the names of the actual document, they also contained the names and dates of birth of 127 people, including children. Although the distribution lists were proofread daily by two people, the municipality had failed to detect the discrepancies. The Norwegian DPA concludes that the data breach occurred partly due to a lack of required routines for handling email lists.

Open original source Links to the regulator's original publication or another source.

Related fines

Norway
Norway
2021-12-13
6,300,000 €
ETid-950
Grindr LLC
Media, Telecoms and Broadcasting
Norway
Norway
2026-06-01
1,820,000 €
ETid-3193
Elkjøp AS
Industry and Commerce
Norway
Norway
2023-11-27
1,700,000 €
ETid-2136
Norwegian Labor and Welfare Administration
Public Sector and Education
Norway
Norway
2023-02-06
900,000 €
ETid-1656
Sats ASA
Industry and Commerce
Norway
Norway
2021-09-27
496,000 €
ETid-851
Ferde AS
Public Sector and Education
Norway
Norway
2021-10-18
412,000 €
ETid-878
Østre Toten municipality
Public Sector and Education
Back to all fines