Faroe Islands: Authority orders Environment Agency to adopt technical and organisational measures following data breach
The Faroe Islands Data Protection Authority ('the Authority') published, on 7 July 2021, its decision in Case No. 21/12774-9, as issued on the same day, in which it ordered the Faroe Islands Environment Agency to implement technical and organisational measures, for violations regarding the security of processing under Act No. 80 of 7 June 2020 on the Protection of Personal Data ('the Act'), following the notification of a personal data breach.
Background to the case
In particular, the Authority reported that it had received a notification of a personal data breach.
Findings of the Authority
Further to the above, the Authority held that, as a result of the investigation carried out, it had verified that some documents containing personal data had become available on the Environment Agency's website, in relation to the registration system for houses and vehicles.
In conclusion, the Authority ordered the Environment Agency to implement technical and organisational measures to prevent the reoccurrence of personal data breaches, as well as to announce the security incident on its website.