Published confidential personal data: estimated to pay 120,000



[ad_1]

The Örebro County Region Health Board has erred in posting confidential personal data on the region’s website about a patient admitted to a forensic psychiatric clinic. This shows the review of the case by the Data Inspection after receiving a complaint.

– Our examination of the incident shows that confidential personal data has been incorrectly published and opened on the municipality’s website, says Elin Hallström, attorney for the Data Inspectorate.

Written procedures are missing

The Data Inspection review also reveals that there are no written procedures for posting documents and personal data on the website, but that routines around posting are communicated orally.

In the present case, oral procedures have not been followed and the document was published in error, which according to the Data Inspection indicates that the Board has not taken sufficient organizational measures to ensure that personal data is protected against incorrect publication in the region’s website.

– Therefore, we are now instructing the Board to produce written instructions and introduce procedures that guarantee that the person who publishes personal data on the Web does so in accordance with those instructions.

Lack of legal basis

In its decision, the Data Inspectorate also states that the Board had no legitimate purpose, legal basis, or reason for exemption from the prohibition in the Data Protection Regulation against the handling of sensitive personal data with respect to publication. .

Therefore, the Data Inspectorate submits to the Board to remedy the deficiencies discovered and also issues an administrative fine of SEK 120,000 against the Board.

The published document has been removed from the region’s website.

Also read: New GDPR ruling from Data Inspection: Mrkoll fined SEK 365,000



[ad_2]