The norwegian data Protection sanction has imposed a EUR 50,000 (NOK 500,000) mulct on Moss Municipal Council for failing to adequately protect personal data. The wrongdoing has been corrected and the case closed. In connector with the amalgamation of the municipalities of Rygge and Moss in January 2020, efforts were made to combine the utilise of IT systems for various municipal service areas. The case relates to an administrative system that Moss Council had used for many years and that employees in the health service for children and young people in the former municipality of Rygge began to utilization after the merger. Moss Council discovered the wrongdoing after conversion of the system�s users and data. Personal data and health data The administrative system processes personal data and health data, and covers people who live in the municipality and make usage of the fry health clinic. The system applies to services relating to the municipality�s vaccination programme, as well as babe and child health checks and antenatal care. Moss Council itself reported that aspects of its data processing violated the requirements for confidentiality, unity and accessibility. The case involves personal data about both adults and children. The following violations were reported: " Incorrect registration of vaccines. Some people were registered as having received vaccines when they had not, while vaccines administered to others were not entered in their records. The error creates a risk of incorrect vaccination, and a risk of errors in the Norwegian National Immunisation Registry. " Errors in patient records. The errors found relate to the reexamination of expectant mothers, including incorrect number of weeks of pregnancy, errors in weight and height recorded by the school health service, and errors in details of the mother�s utilize of alcohol/narcotic substances. " In one department, patient data was made accessible to healthcare personnel who had no professional need for it, and without access being traceable. " Errors relating to routine administration, such as appointment books, and patient register keeping. The error has been corrected spell 2,000 people could get been affected, no specific individuals were identified as actually having been impacted by the error. The error was quickly rectified and is under control. Based on an overall appraisal of the case, to which Moss Municipal Council has contributed, the norwegian data tribute Authority decided to impose a EUR 50,000 fine. For further information, please contact the norwegian DPA:�international@datatilsynet.no The archetype press release is available in Norwegian�here The press vent published here does not constitute official EDPB communication, nor an EDPB endorsement. This press liberate was originally published by the national supervisory authority and was published here at the bespeak of the sa for information purposes. as the press vent is represented here as it appeared on the SA’s website or other channels of communication, the tidings item is only available in english or in the penis State’s official language with a short introduction in English. Any questions regarding this press free should be directed to the supervisory authorisation concerned. Seen on EDPB.
