EU court orders Finland to pay fine for employee medical data breach
The European Court of Human Rights has ordered the Finnish government to pay a fine of approximately $54,000 (€34,000) because it failed to protect a citizen's personal data by not adequately securing and protecting a patient’s confidential record.
The court made its ruling based on Article 8 of the European Convention on Human Rights, which guarantees every citizen “the right to respect for his private and family life, his home and his correspondence.”
Additionally, the court ruled that Finland had failed to protect the confidentiality of patient information and ordered the state to pay a nurse approximately $22,000 (€14,000) in damages and $31,000 (€20,000) in costs.
The nurse involved in the case worked in a public hospital between 1989 and 1994 on a series of fixed-term contracts. During the period, she visited the hospital’s infectious diseases clinic, as she was diagnosed with HIV.
In 1992, her colleagues at the hospital’s ophthalmic department were given access to her patient records. Three years later, her contract was not renewed.
According to legal electronic newsletter Out-Law, the European court ruled that public bodies and governments are in contention with Article 8 when private data is not kept private.
The woman in the case did not have to show a willful publishing or release of data—failure to keep it secure was enough to breach the convention, Out-Law reported.
The court made its ruling based on Article 8 of the European Convention on Human Rights, which guarantees every citizen “the right to respect for his private and family life, his home and his correspondence.”
Additionally, the court ruled that Finland had failed to protect the confidentiality of patient information and ordered the state to pay a nurse approximately $22,000 (€14,000) in damages and $31,000 (€20,000) in costs.
The nurse involved in the case worked in a public hospital between 1989 and 1994 on a series of fixed-term contracts. During the period, she visited the hospital’s infectious diseases clinic, as she was diagnosed with HIV.
In 1992, her colleagues at the hospital’s ophthalmic department were given access to her patient records. Three years later, her contract was not renewed.
According to legal electronic newsletter Out-Law, the European court ruled that public bodies and governments are in contention with Article 8 when private data is not kept private.
The woman in the case did not have to show a willful publishing or release of data—failure to keep it secure was enough to breach the convention, Out-Law reported.