Finland

Breach of data protection regulations by publishing the employees’ personal phone numbers on the employer’s intranet

7 August 2024 1 min read

By Ina Törrönen and Barbara Angene

At a glance

  • A company published on its intranet the personal phone numbers of 300 bus driver employees.
  • The Deputy Data Protection Ombudsman considered that this practice violates data protection laws. He ordered the company to change its practice.

The Deputy Data Protection Ombudsman considered that a company had breached data protection rules by publishing on its intranet the personal phone numbers of 300 bus driver employees in a way that they were available to all bus drivers in the company. The publication of personal phone numbers constituted a disclosure of personal data to third parties, and there were no legal grounds for the disclosure. Communication between bus drivers can also be organised in a way that is less privacy-intrusive, such as via work telephone.

In principle, employees' personal telephone numbers or e-mail addresses should only be used if it is not possible to use a work telephone number or work e-mail address. In addition, employees' personal data should only be processed by persons whose tasks include the processing of such data, eg managers or persons working in personnel management.

In its decision of 20 June 2024, the Deputy Data Protection Ombudsman issued a warning to the company for breaching data protection laws and ordered the company to change its practice.

More to explore

Breach of data protection regulations by publishing the employees’ personal phone numbers on the employer’s intranet

Finland

Breach of data protection regulations by publishing the employees’ personal phone numbers on the employer’s intranet

The Deputy Data Protection Ombudsman considered that a company had violated data protection regulations by publishing on its intranet the personal phone numbers of 300 employees.

7 August 2024 1 min read
Protecting employee data – requirements and best practices

Nigeria

Protecting employee data – requirements and best practices

Data privacy, which deals with how data is collected, processed, and stored, needs to become a key focus for employers in Nigeria.

21 May 2024 6 min read
New guidance on personal data protection

Oman

New guidance on personal data protection

On 28 January 2024, a Ministerial Decision came into force, issuing the implementing regulation for Oman‘s personal data protection law.

22 April 2024 4 min read
Personal Data Protection Decree

Vietnam

Personal Data Protection Decree

The government’s Decree 13/2023/ND-CP dated 17 April 2023 on personal data protection, came into effect on 1 July 2023.

26 March 2024 1 min read
Data Protection Authority issues recruitment Code of Conduct

Italy

Data Protection Authority issues recruitment Code of Conduct

The Data Protection Authority has published a Code of Conduct that Workforce Supply Agencies must comply with during their recruitment processes.

4 March 2024 1 min read
The Italian Data Protection Authority limits the retention of employee email metadata

Italy

The Italian Data Protection Authority limits the retention of employee email metadata

The Privacy Commissioner has imposed a significant change in employee email metadata retention policies.

20 February 2024 2 min read