The Swedish government is restricting outsourcing of privacy sensitive data, following the possible leak of all of its vehicle data, outsourced to IBM in 2015 without the proper security checks. The stricter limits on what may be outsourced, were announced at a press conference on 24 July by Prime Minister Stefan Löfven.
The data breach resulted in the resignation of two ministers, the Ministor of the Interior and the Minister of Infrastructure.
In addition to the stricter IT outsourcing limits, the National Post and Telecom Agency is to develop a management model on how to handle sensitive data. “The ambition is to create secure IT operations”, the government said in statement.
The new limits follow a data breach at the Swedish Transport Agency (Transportstyrelsen). According to press reports, Swedish driving license data and security related records were “easily accessible” to data experts in the Czech Republic and Serbia. Following the discovery of the leak, the agency’s director - who was fired for undisclosed reasons in January - was fined SEK 70,000 (about EUR 7000).
The government has instructed the Security Service (Säkerhetspolisen) to report on problems with security in public sector agencies handling sensitive records. The report is to focus in particular on outsourcing.
Sweden will also further investigate the data breach at its Transport Agency.
Announcement by the Swedish government (in Swedish)
Statement by the Swedish government (in Swedish)
The Local SE news item