Imposing Fines from The Norwegian Data Protection Authority to Ultra-Technology AS, ST. Olavs Hospital and Høylandet Municipality

Rekabet Hukuku

                                                                                                                      28.10.2021           

Performing Credit Cart Rating without Legal Basis

The Norwegian Data Protection Authority (“Datatilsyet”) imposed a fine Ultra-Technology AS NOK 125,000 (EUR 12,500) for performing a credit rating on a private individual without any legal basis.

The reason of the fine is a complaint from a private individual who has undergone a credit assessment without any form of customer relationship or other connection to the company Ultra-Technology AS.

You can find the full text here.

 

Lack of Access Management Concerning Folder Areas Outside Patient Records

Datatilsyet  fined St. Olavs Hospital NOK 750,000 (EUR 75,000) due to a lack of access management concerning folder areas outside patient records.

The information concerned a large number of patients of  the Clinic of Cardiology, medical equipment and child and adolescent psychiatry.

There are three non-conformity reports in March 2020. The non-conformities concerned a lack of access management in folder areas outside patient records. The folders were accessible to all authorised users within the Central Norway Regional Health Authority.

You can find the full text here.

 

Access of the Staff at the Health Clinic to the Health Data off Subject

Høylandet municipality  has been fined NOK 400,000 (EUR 40,000). Image files containing health data about people with no connection to the municipality were accessible to staff at the health clinic.

The Norwegian Data Protection Authority noted that the municipality did not implement any relevant measures after the non-conformity was discovered.

The error has been resolved and the municipality has also introduced a new internal control system.

You can find the full text here.

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr