GDPR Violations Lead To $66,000 Fine for Swedish University
Jan. 11, 2021, 8:54 p.m. in Cloud Computing
A research group at Umeå University stored sensitive personal information in the cloud without sufficient security measures, which resulted in the university being fined SEK 550,000 (or $66,000). The fine was levied for violating the General Data Protection Regulation (GDPR). The data, related to a research study on male sexual health, was scanned and stored in a US cloud storage service, despite the research group being warned against such negligence.
A research group at Umeå University in Sweden, conducting a study on male sexual health, obtained on request some preliminary reports on police investigations of cases of male rape. These files were scanned and stored in an unsecured US cloud storage service.
The reports contained sensitive personal information such as suspicion of crime, name, personal identity number, and contact details of people, among other things.
The research group also sent requests to the police for more information through unencrypted emails, attaching some of these scanned reports for reference. The researchers did this despite the police asking them not to send sensitive material through such unsecured channels.
The Swedish Data Protection Authority conducted an audit, concluded that the university was in violation of the GDPR, and issued a fine of SEK 550,000, which amounts to $66,000.
With the rising number of cyberattacks and data breaches, even a little negligence can prove very costly. Educational institutions, healthcare facilities, and financial institutions seem to be primary targets in such events. Umeå University has had to pay heavily for the negligence of one of its research groups.
The research group collected sensitive personal information on male rape cases from the police to aid their study on male sexual health. The preliminary police reports contained crucial and highly sensitive information. Despite repeated warnings from the university and the police, the research group continued to ignore data security protocols. The scanned files were stored in a US-based cloud storage service without sufficient protection. They were also shared with the police through unencrypted emails, for reference during further communication.
This is seen as serious neglect, and the university has been fined $66,000. After its investigation, the Swedish Data Protection Authority concluded that the university has “violated the General Data Protection Regulation by processing special categories of personal data without applying appropriate technical and organizational measures to protect the data”, according to the press release published on the Swedish Data Protection Authority’s news site.
The official report adds that “The Swedish Data Protection Authority also criticizes the university for failing to report the incident as a personal data breach.”