The number of such cases is visible in the data that the Danish Data Protection Authority receives from the municipalities, according to the newspaper.
“There is humiliation in the fact that a stranger gets to see that information. But there can also be a security risk involved if the wrong people get such information,” Henning Mortensen, chairman of the Council for Digital Security, told Jyllands-Posten.
He believes this type of error erodes citizens’ trust in the authorities.
The newspaper has been in contact with many citizens who have had other people’s personal information – such as notifications about children in distress or psychological reports – sent to them by municipalities.
Sune Albrechtsen, who lives in Rødovre Municipality, told the newspaper that he wrongly got sent a divorce document related to a man from Morsø Municipality, as well as a list with the full names and social security numbers of 75 school children in Rødovre Municipality.
Work in progress
In an email to Jyllands-Posten, Rødovre Municipality’s acting head of the Children and Family Department, Stine A. Høgh, wrote that the municipality is working to reduce the number of data security breaches.
The figures obtained by Jyllands-Posten specifically show that from week 17 in 2020 until the rest of that year, municipalities reported that they had given sensitive personal information to the wrong people 922 times.
In 2021 in total, such breaches were reported 1032 times. Furthermore, this type of error has been reported almost 800 times in the first nine months of this year.
It is a legal obligation for a municipality to report when it discovers that sensitive personal information has been sent to the wrong person.
Allan Frank, an IT security specialist and lawyer at the Data Protection Authority, told the newspaper that what the authority call sending “correct information to the wrong recipient” is one of the most frequent causes of security breaches in Denmark.