Data Protection Academy » Data Protection News » Data failure in the district office Coburg

Data failure in the district office Coburg

Data failure district office Coburg

Date: 19.12.2019

Responsible body: District administration Coburg

Type of data protection violation: Data breakdown in the Coburg District Office due to hard disk

The data breakdown in the Coburg district administration office was caused by a hard disk that was replaced by an external service provider after a defect. This service provider deleted the data on the hard drive and sold it on to a third party. The problem is that the data was not professionally deleted and thus not restored.

Some 12,000 data such as documents, e-mails and passwords from the vehicle registration office and the youth welfare office in Coburg were circulated in this way. The data mishap was reported to the responsible data protection supervisory authority, and the central office for cybercrime investigations.

Practical tip: Use of hard disks

The individual-related data are to be processed prudently. Processing also includes the storage of data on media such as hard disks. If these are disposed of, it is imperative to ensure that the data they contain is no longer available.

Categories of data: Documents, passwords, e-mails

Country: Germany, Coburg


Back to the overview of the data breaches

Nadine Porrmann
Latest posts by Nadine Porrmann (see all)

This might interest you too:

Data Protection Officer

Technical organisational measures (TOMs)

All information on the technical organisational measures according to the GDPR. What do responsible parties have to observe during implementation and documentation?
documentation obligations

Create a GDPR-compliant data processing agreement

All information on the data processing agreement according to GDPR. What do controllers have to consider when creating and managing?
Microsoft Office 365 Privacy

Microsoft 365: GDPR-compliant use in the company

Can Microsoft Office 365 be used in compliance with the GDPR? We show how the configuration complies with data protection.