EU Data Protection Regulator suffers data breach!

Back
Danish Flag

The Danish data protection authority has announced that it has itself suffered a personal data breach.

It found that some of its waste paper, containing confidential and sensitive information which should have been shredded, had been disposed of as ordinary paper waste. This paper contained personal information about citizens and employees that was stored electronically in its systems, but had been printed by employees when they needed to discuss a matter internally or proofread a draft letter or note.

This material was subsequently thrown into a container in the belief that this paper waste would be shredded. However, instead, it was taken for ordinary recycling.

The breach had been going on from February to August, (although from mid-March to mid-June all employees worked from home due to COVID-19 pandemic).

Unfortunately, to make matters worse, the breach was discovered by an employee who reported it – but not within the required 72 hours! As a result that employee has been reprimanded.

Insight

This personal data breach shows that anyone can make a mistake. It also shows that many people print and dispose of documents without giving adequate consideration to the potential security risk. This data breach could easily have been avoided, but it seems that, for many, hard copies are still easier to ‘digest’.

All organisations should encourage employees not to print documents simply because it is convenient to them to do so.

If you need help with data retention or storage limitation then check out our DPaaS offerings as they could be the right fit for your organisation.

Further reading:

Data protection headache for Hospitality & Leisure sectors

Employer to pay damages for failure to comply

Failure to delete personal data leads to potential £133k fine

Failure to implement correct processes leads to $80m fine

Garante, Italian DPA, issues €600,000 fine