Lillestrøm Municipality – €30,000 Fine (Norway, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Lillestrøm Municipality was fined EUR 30,000 for accidentally publishing student personal data online. This breach highlights the importance of having strong data protection measures in place. Businesses should ensure they have effective checks to prevent unauthorized data exposure.
What happened
Lillestrøm Municipality accidentally published documents containing students' personal data online.
Who was affected
Students whose personal information, such as names and test results, was exposed.
What the authority found
The Norwegian DPA found that Lillestrøm Municipality failed to implement adequate technical and organizational measures to protect personal data.
Why this matters
This case underscores the need for organizations to have robust data protection processes and checks. It serves as a reminder that failing to detect data breaches internally can lead to significant penalties.
GDPR Articles Cited
The Norwegian DPA has imposed a fine of EUR 30,000 on Lillestrøm Municipality. The municipality had accidentally published a document in which 10 out of 21 attachments contained personal data of students. The data included information on student names, date of birth, test results, assessments of student behavior and student challenges. This error was not detected by the responsible administrator and went through two more manual quality checks at the documentation center without the error being detected there as well. It was only a journalist who later drew attention to the data breach. During its investigation, the DPA found that the municipality had not taken sufficient technical and organizational measures to protect personal data. Also, the fact that the incident was discovered not by the municipality, but by a third party, indicates inadequate routines in this area.
Related Enforcement Actions (0)
No other enforcement actions found for Lillestrøm Municipality in NO
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 February 2022
Authority
Datatilsynet (Norway)
Fine Amount
€30,000
Enforcement Tracker ID
ETid-1149
About this data
Cite as: Cookie Fines. Lillestrøm Municipality - Norway (2022). Retrieved from cookiefines.eu
Last updated: