Institute sends CD-ROMs with medical information to millions of Danes to the wrong company
The Danish Statens Serum Institut accidentally had two CDs containing medical information on virtually all residents of Denmark delivered to a Chinese company in Copenhagen. The package was intended for a statistics agency.
The package turned out to be open, but whether employees of the Chinese company have seen and removed the data is unknown. There are no known cases of misuse of the data, says the Danish privacy authority Datatilsynet.
The Chinese company says that an employee accidentally opened the package, but immediately closed it again and forwarded it to the correct address, writes the Danish newspaper TheLocal. The Chinese company in question helps people apply for a visa for travel to China.
The CD-ROMs contain unencrypted data with the ‘social security numbers’ and associated medical information of more than five million inhabitants of Denmark, which has a total of 5.5 million inhabitants. There were no names or addresses. These are people who lived in Denmark between 2010 and 2012. The privacy authority finds it wrong that the institute sent the data unencrypted.