The data protection agency Datatilsynet has opened a case against DSB in relation to an incident earlier this month when the rail operator sent emails to more than 10,000 customers containing links to other passengers’ personal information, the IT news site Version2.dk reports.
READ MORE: Transport Ministry wants explanation of DSB gaffe
The case has been opened due to a number of the customers who received the emails in question reporting the incident to Datatilsynet.
Version2 has access to a letter from Datatilsynet to DSB that outlines applicable data protection legislation as well as demanding answers to a number of questions, including how the mistake happened, what DSB did to minimise the damage, and what measures have been put in place to ensure it doesn’t happen again.
DSB has previously blamed human error at the IT subcontractor Ogilvy for the gaffe and declined to comment on the Datatilsynet communication to Version2.