Sweden’s Data Protection Authority has divulged that it has opened investigations into medical service providers, Voice Integrate Nordic.
The organisation is part of Vardguiden, the country’s phone-up medical information service. Recent news reports allege that a high number of recorded phone calls received by Voice Integrate Nordic were placed in the public domain online and had become open to public access without protection through encryption or passwords.
Further details have not yet been released on whether or not a breach in regulatory standards has taken place. Under GDPR terms, private personal data cannot be accessed or shared without the explicit opt-in consent of the individuals to whom the data belong.
The EU data laws also put new responsibilities on the shoulders of Data Protection Officers (DPOs) and their teams regarding the implementation of compliant security measures surrounding data processing.
Supervising the investigation’s progress is Suzanne Isberg, who said that the Data Protection Authority in Sweden will have to identify what kinds of personal data were compromised, which IT infrastructures that were involved, and steps to take in order to avoid a repeat of the incident in future.
Emphasising the complexity of the task at hand, Isberg said that the numerous parties involved in the blunder will have to collaborate with authorities, legal teams and IT specialists before conclusions can be draw from the inspection in its early stages.
IT expert, Magnus Bergstrom commented that a large part of the probe will concern mapping personal data flows between IT systems and studying the technologies and practices that were in place to protect them.
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.