GDPR Violations Lead To $66,000 Fine for Swedish University
TL;DR
A research group at the Umeå University stored sensitive personal information in the cloud without any sufficient security measures, which resulted in the university being fined SEK550,000 (or $66,000). The fine has been levied for violating the General Data Protection Regulation (GDPR). The data related to a research study on male sexual health was scanned and stored in a US cloud storage service, despite the research group being warned against such negligence.
Key Facts
A research group at the Umeå University of Sweden, conducting a study on male sexual health got access, on request, to some preliminary reports on police investigation of cases of male rape. These files were scanned and stored in an unsecured US cloud storage service.
The reports contained sensitive personal information such as suspicion of crime, name, personal identity number, and contact details of people, among other things.
The research group also sent requests to the police for more information, attaching some of these scanned reports for reference, through unencrypted emails. This was done by the researchers despite the police asking them not to send sensitive material through such unsecured modes.
The Swedish Data Protection Authority conducted an audit and concluded that the University has been in violation of the GDPR and issued a fine of SEK 550,000 which amounts to $66,000.
Details
With the rising numbers of cyberattacks and data breaches, even a little negligence can prove to be very costly. Educational institutions, healthcare facilities, and financial institutions seem to be primary targets in such events. The Umeå University of Sweden has had to pay heavily for the negligence of one of its research groups.
The research group collected sensitive personal information on male rape cases from the police to aid their study on male sexual health. The preliminary police reports contained crucial and highly sensitive information. Despite repeated warnings from the university and the police, the research group continued to ignore data security protocols. The scanned files were stored in a US-based cloud storage service without sufficient protection. They were also shared with the police through unencrypted emails, for reference during further communication.
This is seen as serious neglect and the University has been fined $66,000. The Swedish Data Protection Authority, through investigation, arrived at the conclusion that the University has “violated the General Data Protection Regulation by processing special categories of personal data without applying appropriate technical and organizational measures to protect the data”, mentions the press release published on Swedish Data Protection Authority’s news site.
The official report adds that “The Swedish Data Protection Authority also criticizes the university for failing to report the incident as a personal data breach.”
Get similar news in your inbox weekly, for free
Share this news:
Latest stories
How ManageEngine Applications Manager Can Help Overcome Challenges In Kubernetes Monitoring
We tested ManageEngine Applications Manager to monitor different Kubernetes clusters. This post shares our review …
AIOps with Site24x7: Maximizing Efficiency at an Affordable Cost
In this post we'll dive deep into integrating AIOps in your business suing Site24x7 to …
A Review of Zoho ManageEngine
Zoho Corp., formerly known as AdventNet Inc., has established itself as a major player in …
Should I learn Java in 2023? A Practical Guide
Java is one of the most widely used programming languages in the world. It has …
The fastest way to ramp up on DevOps
You probably have been thinking of moving to DevOps or learning DevOps as a beginner. …
Why You Need a Blockchain Node Provider
In this article, we briefly cover the concept of blockchain nodes provider and explain why …
Top 5 Virtual desktop Provides in 2022
Here are the top 5 virtual desktop providers who offer a range of benefits such …
Why Your Business Should Connect Directly To Your Cloud
Today, companies make the most use of cloud technology regardless of their size and sector. …
7 Must-Watch DevSecOps Videos
Security is a crucial part of application development and DevSecOps makes it easy and continuous.The …