Data protection agency investigating DSB over confidentiality breach

Rail operator asked to explain blooper and answer IT security questions

The data protection agency Datatilsynet has opened a case against DSB in relation to an incident earlier this month when the rail operator sent emails to more than 10,000 customers containing links to other passengers’ personal information, the IT news site reports.

READ MORE: Transport Ministry wants explanation of DSB gaffe 

The case has been opened due to a number of the customers who received the emails in question reporting the incident to Datatilsynet.

Version2 has access to a letter from Datatilsynet to DSB that outlines applicable data protection legislation as well as demanding answers to a number of questions, including how the mistake happened, what DSB did to minimise the damage, and what measures have been put in place to ensure it doesn’t happen again.

DSB has previously blamed human error at the IT subcontractor Ogilvy for the gaffe and declined to comment on the Datatilsynet communication to Version2.