Monday, January 17

The Data Inspectorate announces a fee to Trump of five million kroner

Trump says they will accept the fee.


The case is being updated.

The background is that Trump members have been able to register others ‘account numbers on the member profile and thus gain access to others’ trading history.

I the press release writes the Data Inspectorate that by registering a bank account you get access to what you have traded, where and when the trade has been completed. The reason they have been able to gain access is that Trump has not provided a solution to confirm that the member also owns the account.

Trump has now ensured that account numbers are verified before access to the trading history and new registrations of account numbers.

However, this is only a notification of a decision, and no final decision will be made until after Trump has sent his comments to the Norwegian Data Protection Authority.

In a separate message, Trump writes that they will adopt the fee from the Danish Data Protection Agency.

Think they themselves have spent too long

The background for the Data Inspectorate’s decision is that Trump has spent too long putting in place good enough solutions to verify account numbers against ID. Such a solution is now in place, but it has previously been possible to register other people’s account numbers against their Trump membership.

– The Data Inspectorate plays a key role in ensuring that the privacy of Norwegian consumers is safeguarded in the best possible way. When the audit in this case disagrees with our assessments, it is only natural to take note of this, says the general manager of Trump, Truls Fjeldstad, and adds:

– We have not succeeded in finding a solution against the banks until this year, and we acknowledge that it has taken a long time to solve it. The audit points out that the old solution could mean that shopping data became available to unauthorized persons. Of course, Trump has taken this very seriously. The privacy of our members is extremely important to us.

Supervised in 2016

– We supervised and asked Trump to close this security hole already in 2016, but it was not implemented. We were made clear on how important it was to ensure verification of the account holder, so that no Trump members could register other people’s bank account and gain access to personal information about them, says legal senior adviser Ida Småge Breidablikk in the Data Inspectorate.

In the notification, the Data Inspectorate writes that in cases where persons have consciously or unconsciously exploited current vulnerability by registering someone else’s bank account on their own membership constitutes a breach of personal data security.

This is basically a duty to notify the Data Inspectorate. Such incidents must also be documented internally in the company.

– The notice states that we believe Trump has not provided sufficient security for the processing of personal data in the loyalty program. The Data Inspectorate therefore warns of an infringement fee against Trump of NOK 5 million, says Breidablikk.

Leave a Reply

Your email address will not be published. Required fields are marked *