Arbeids- og velferdsetaten faces a fine of EUR 1.7 million (USD $1.85 million) as a result of enforcement action launched by the Norwegian Supervisory Authority.
The Controller failed to put in place the proper organisational and technical safeguards to secure personal data, according to the DPA's findings.
A disproportionate amount of workers also had access to private information, sometimes even highly sensitive information. The controller also neglected to implement methodical controls on staff members' use of IT systems throughout that period. Because the data had been handled insecurely for a long time, the DPA considered this factor when determining the appropriate penalties.
"id": "ARB184931223",
"linkid": "arbeids--og-velferdsdirektoratet",
"type": "Data Leak",
"date": "12/2023",
"severity": "100",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"