The healthcare company Medhelp has to pay millions in sanction fees for recorded calls to 1177 Vårdguiden was unprotected online. This has been decided by the administrative court in Stockholm.
Medhelp must pay SEK 8.8 million, reports Dagens Nyheter. The Stockholm Region and the company Voice, which processed the personal data for Medhelp, will also pay fees of SEK 500,000 each. The Värmland region must pay SEK 250,000.
The Privacy Protection Authority (IMY) initiated an investigation into the case due to information that millions of recorded phone calls to 1177 care guide were open on an unprotected server for several years, something that Computer Sweden reported in 2019. IMY concluded that several actors would pay a penalty fee .
Reduced amount
After Medhelp, Voice, Region Stockholm and Region Värmland appealed the decision to the administrative court, the new penalties have now been decided. The amounts for Medhelp and Voice are reduced with the ruling of the Administrative Court. IMY had demanded a penalty of twelve million kronor.
The reason why companies and regions have to pay the fees is shortcomings in the processing of personal data. There have also been shortcomings in the duty to inform the data subjects about the processing of personal data, by Medhelp and the regions.
“Large amount”
“The Administrative Court considers that the health care counseling company Medhelp should have ensured a better level of security for the data. This is a large number of sensitive information that has been unprotected for a long time “, says Anna Önell, CEO, according to a press release.
Following the revelation in Computer Sweden, the newspaper was reported to the police by Medhelp for, among other things, data breaches. But a prosecutor dropped the investigation, as the newspaper’s purpose was to highlight misconduct in public activities.