Norway Post fined for “gross violation” of data protection laws
Norway Post has received a slap on the wrist from regulators after its treatment of confidential address information was found to be breaking national data protection laws. Norway’s Data Inspectorate handed out a NOK 100,000 ($17,675 USD) fine on Monday, warning there could be “serious consequences” if confidential addresses were given out.
One of the key criticisms was that it took three weeks for Norway Post to process a request by a customer for an address to be made confidential, and to remove it from the national address database.
The Post also had no requirements in place to delete confidential addresses from mailing lists being verified against its database, said the Inspectorate.
And, the regulator said Norway Post had not provided information to customers on how to opt out of having their details included within its address hygiene service.
Pressure from the regulator has now brought improvements, and Norway Post is now able to make daily updates on the national database.
However, the Inspectorate said the fine had been necessary for the “gross violation” of the Personal Data Act.
The Inspectorate’s general counsel, Mari Hersoug Nedberg, said: “We look seriously at the practices through which the Post has been handling confidential addresses. It has taken too long for the Post to record that an address is confidential. Also, they should have taken responsibility to alert clients of their address cleansing service to delete these addresses.”
Nedberg added: “There can be serious consequences for those who have confidential addresses if others have access to it. We look at the Post’s past practice as being such a gross violation of the Personal Data Act, we have found it necessary to impose a fine on them – even if they improve their practices.”
Improvements
Following the improvements at Norway Post, customers registering an address at the post office will now be informed that it is possible to opt out of the Post’s address cleansing system, and provided with information on how to opt out.
With Norway Post now providing daily updates to the national database, customers using its address cleansing services should now be notified of confidential addresses.
The Inspectorate said the Post has since carried out “expensive” training and developed its customer services in this area.
Norway Post said it was “surprised” by the Inspectorate’s decision to impose a fine, disagreeing that such a move was necessary, but said that it had noted the regulator’s decision.
The Post’s executive director Elisabeth Gjølme said: “Although we believe there has been noncompliance, we have seen that there was room for improvement. We are pleased to have come up jointly with solutions that both the Data Inspectorate and the Post finds satisfactory. We will provide even better services for mail recipients with confidential addresses and the Post’s customers in general.”
