Administrative fine against the Equality Ombudsman when personal data was collected via a web form
The reason for the supervision is a personal data breach that the Equality Ombudsman (DO) reported to IMY in the fall of 2021. The incident concerned the DO's web form for collecting tips and complaints about discrimination. During the supervision, it emerged that the DO had taken a security measure intended to protect the personal data collected via the web form so that the data would not be included in usage analyses of the DO's website.
However, the security measure did not work as intended, which led to some data, potentially sensitive personal data, being inadvertently disclosed to the personal data processor that the DO had hired to conduct the analyses. It is estimated that approximately 500 tips and complaints have been affected.
As soon as the DO became aware of the incident, the authority closed the web form.
– The incident lasted for a year and shows the importance of working continuously and systematically with security in order to be able to discover insufficient security measures earlier, says Petter Flink, IT and information security specialist at IMY.
The decision in Swedish is published on the Swedish version of this site.
More news on this topic
- Administrative fines against two companies in the SL Group, 3 July 2025
- The Hospital Board has failed in its security measures when handling e-mail, 12 May 2025
- Administrative fines against Apoteket and Apohem for transferring personal data to Meta, 3 July 2025
- H&M has made it unnecessarily difficult to avoid marketing, 19 October 2023