The Norwegian Supervisory Authority, Datatilsynet, fined the municipality of Bergen 170,000 euros for violations of the EU General Data Protection Regulation. An investigation found the usernames and passwords of 35,000 primary school students and employees were left unprotected and openly accessible. Datatilsynet determined the municipality did not have the proper security measures in place and had violated both Articles 5(1)f and 32 of the GDPR. Users’ names, dates of birth, passwords, school affiliations and school grades were among the data in the exposed system.
If you want to comment on this post, you need to login.