Sensitive data, have is and will always be a problem
Since the first day we start using computers to add records of persons this have been an recurring question…
What should we classed as sensitive data when it comes to individuals, where should the limit be. How much should we save in this registers and how should this be dealt with?
In Sweden has the highest administrative court, on appeal, given permission to 2 different companies to keep records of their employees and job seekers… And that’s because it was done, by using Word and Excel for this…
This started back in 2011, when the Swedish Data Inspection Board demanded that Gothia Protection Group and 2Secure should discontinue offering background check on employmer or change the way they handled the data.
Data Inspectorate said that the identification of individuals in this case was far too extensive for it to be counted as everyday processing of personal data.
Both Gothia Protection Group and 2Secure said that they did not do anything wrong. And judgment under appeal all the way up to the Supreme Administrative Court in Sweden. Their argument was that there had not record any data in databases. And that it was not done in a facilitated way to be search within the data. It also pointed out that the data was saved in Excel files, and then all reports was written in Word documents, and then all reports was encrypted.
The Supreme Administrative Court, unlike previous instances, went on Gothia Protection Group and 2Secure line. And thats because they has only use “simple digital document such as Excel spreadsheets and word documnet processing programs”
The Supreme Administrative Court wrote in its judgment.
“Computer technological advantage has thus indeed exploited individuals. But not in any extensive way, and not as in terms of structuring or searchable in any form.”